class TestProjects(unittest.TestCase):
@suppress_urllib3_warning
def setUp(self):
self.project= Project()
self.user= User()
self.repo= Repository()
@unittest.skipIf(TEARDOWN == False, "Test data won't be erased.")
def tearDown(self):
#1. Delete project(PA);
self.project.delete_project(TestProjects.project_del_repo_id, **TestProjects.USER_del_repo_CLIENT)
#2. Delete user(UA).
self.user.delete_user(TestProjects.user_del_repo_id, **ADMIN_CLIENT)
def testDelRepo(self):
"""
Test case:
Delete a repository
Test step and expected result:
1. Create a new user(UA);
2. Create a new project(PA) by user(UA);
3. Create a new repository(RA) in project(PA) by user(UA);
4. Get repository in project(PA), there should be one repository which was created by user(UA);
5. Delete repository(RA) by user(UA);
6. Get repository by user(UA), it should get nothing;
Tear down:
1. Delete project(PA);
2. Delete user(UA).
"""
url = ADMIN_CLIENT["endpoint"]
user_del_repo_password = "******"
#1. Create a new user(UA);
TestProjects.user_del_repo_id, user_del_repo_name = self.user.create_user(user_password = user_del_repo_password, **ADMIN_CLIENT)
TestProjects.USER_del_repo_CLIENT=dict(endpoint = url, username = user_del_repo_name, password = user_del_repo_password)
#2. Create a new project(PA) by user(UA);
TestProjects.project_del_repo_id, TestProjects.project_del_repo_name = self.project.create_project(metadata = {"public": "false"}, **TestProjects.USER_del_repo_CLIENT)
#3. Create a new repository(RA) in project(PA) by user(UA);
repo_name, _ = push_self_build_image_to_project(TestProjects.project_del_repo_name, harbor_server, 'admin', 'Harbor12345', "hello-world", "latest")
#4. Get repository in project(PA), there should be one repository which was created by user(UA);
repo_data = self.repo.list_repositories(TestProjects.project_del_repo_name, **TestProjects.USER_del_repo_CLIENT)
_assert_status_code(repo_name, repo_data[0].name)
#5. Delete repository(RA) by user(UA);
self.repo.delete_repository(TestProjects.project_del_repo_name, repo_name.split('/')[1], **TestProjects.USER_del_repo_CLIENT)
#6. Get repository by user(UA), it should get nothing;
repo_data = self.repo.list_repositories(TestProjects.project_del_repo_name, **TestProjects.USER_del_repo_CLIENT)
_assert_status_code(len(repo_data), 0)
class TestProjects(unittest.TestCase):
@suppress_urllib3_warning
def setUp(self):
self.project = Project()
self.user = User()
self.artifact = Artifact()
self.repo = Repository()
@unittest.skipIf(TEARDOWN == False, "Test data won't be erased.")
def tearDown(self):
#1. Delete repository(RA);
self.repo.delete_repository(TestProjects.project_src_repo_name,
(TestProjects.src_repo_name).split('/')[1],
**TestProjects.USER_RETAG_CLIENT)
#2. Delete repository by retag;
self.repo.delete_repository(TestProjects.project_dst_repo_name,
(TestProjects.dst_repo_name).split('/')[1],
**TestProjects.USER_RETAG_CLIENT)
#3. Delete project(PA);
self.project.delete_project(TestProjects.project_src_repo_id,
**TestProjects.USER_RETAG_CLIENT)
self.project.delete_project(TestProjects.project_dst_repo_id,
**TestProjects.USER_RETAG_CLIENT)
#4. Delete user(UA).
self.user.delete_user(TestProjects.user_retag_id, **ADMIN_CLIENT)
def testRetag(self):
"""
Test case:
Retag Image
Test step and expected result:
1. Create a new user(UA);
2. Create a new project(PA) by user(UA);
3. Create a new project(PB) by user(UA);
4. Update role of user-retag as guest member of project(PB);
5. Create a new repository(RA) in project(PA) by user(UA);
6. Get repository in project(PA), there should be one repository which was created by user(UA);
7. Get repository(RA)'s image tag detail information;
8. Retag image in project(PA) to project(PB), it should be forbidden;
9. Update role of user-retag as admin member of project(PB);
10. Retag image in project(PA) to project(PB), it should be successful;
11. Get repository(RB)'s image tag detail information;
12. Read digest of retaged image, it must be the same with the image in repository(RA);
13. Pull image from project(PB) by user_retag, it must be successful;
Tear down:
1. Delete repository(RA);
2. Delete repository by retag;
3. Delete project(PA);
4. Delete user(UA).
"""
url = ADMIN_CLIENT["endpoint"]
user_retag_password = "******"
pull_tag_name = "latest"
dst_repo_sub_name = "repo"
#1. Create a new user(UA);
TestProjects.user_retag_id, user_retag_name = self.user.create_user(
user_password=user_retag_password, **ADMIN_CLIENT)
TestProjects.USER_RETAG_CLIENT = dict(endpoint=url,
username=user_retag_name,
password=user_retag_password)
#2. Create a new project(PA) by user(UA);
TestProjects.project_src_repo_id, TestProjects.project_src_repo_name = self.project.create_project(
metadata={"public": "false"}, **TestProjects.USER_RETAG_CLIENT)
#3. Create a new project(PB) by user(UA);
TestProjects.project_dst_repo_id, TestProjects.project_dst_repo_name = self.project.create_project(
metadata={"public": "false"}, **TestProjects.USER_RETAG_CLIENT)
retag_member_id = self.project.get_project_member_id(
TestProjects.project_dst_repo_id, user_retag_name,
**TestProjects.USER_RETAG_CLIENT)
#4. Update role of user-retag as guest member of project(PB);
self.project.update_project_member_role(
TestProjects.project_dst_repo_id, retag_member_id, 3,
**ADMIN_CLIENT)
#5. Create a new repository(RA) in project(PA) by user(UA);
TestProjects.src_repo_name, tag_name = push_self_build_image_to_project(
TestProjects.project_src_repo_name, harbor_server, 'admin',
'Harbor12345', "hello-world", pull_tag_name)
#6. Get repository in project(PA), there should be one repository which was created by user(UA);
src_repo_data = self.repo.list_repositories(
TestProjects.project_src_repo_name,
**TestProjects.USER_RETAG_CLIENT)
_assert_status_code(TestProjects.src_repo_name, src_repo_data[0].name)
#7. Get repository(RA)'s image tag detail information;
src_tag_data = self.artifact.get_reference_info(
TestProjects.project_src_repo_name,
TestProjects.src_repo_name.split('/')[1], tag_name,
**TestProjects.USER_RETAG_CLIENT)
TestProjects.dst_repo_name = TestProjects.project_dst_repo_name + "/" + dst_repo_sub_name
#8. Retag image in project(PA) to project(PB), it should be forbidden;
self.artifact.copy_artifact(TestProjects.project_dst_repo_name,
dst_repo_sub_name,
TestProjects.src_repo_name + "@" +
src_tag_data.digest,
expect_status_code=403,
**TestProjects.USER_RETAG_CLIENT)
#9. Update role of user-retag as admin member of project(PB);
self.project.update_project_member_role(
TestProjects.project_dst_repo_id, retag_member_id, 1,
**ADMIN_CLIENT)
#10. Retag image in project(PA) to project(PB), it should be successful;
self.artifact.copy_artifact(
TestProjects.project_dst_repo_name, dst_repo_sub_name,
TestProjects.src_repo_name + "@" + src_tag_data.digest,
**TestProjects.USER_RETAG_CLIENT)
#11. Get repository(RB)'s image tag detail information;
dst_tag_data = self.artifact.get_reference_info(
TestProjects.project_dst_repo_name, dst_repo_sub_name, tag_name,
**TestProjects.USER_RETAG_CLIENT)
#12. Read digest of retaged image, it must be the same with the image in repository(RA);
self.assertEqual(src_tag_data.digest, dst_tag_data.digest)
#13. Pull image from project(PB) by user_retag, it must be successful;"
pull_harbor_image(harbor_server, user_retag_name, user_retag_password,
TestProjects.dst_repo_name, tag_name)
class TestProjects(unittest.TestCase):
@suppress_urllib3_warning
def setUp(self):
self.project = Project()
self.user = User()
self.artifact = Artifact()
self.repo = Repository()
self.repo_name_1 = "test1_sign"
@unittest.skipIf(TEARDOWN == False, "Test data won't be erased.")
def tearDown(self):
# remove the deletion as the signed image cannot be deleted.
#1. Delete repository(RA) by user(UA);
#self.repo.delete_repository(TestProjects.project_sign_image_name, TestProjects.repo_name.split('/')[1], **TestProjects.USER_sign_image_CLIENT)
#2. Delete project(PA);
#self.project.delete_project(TestProjects.project_sign_image_id, **TestProjects.USER_sign_image_CLIENT)
#3. Delete user(UA);
self.user.delete_user(TestProjects.user_sign_image_id, **ADMIN_CLIENT)
def testSignImage(self):
"""
Test case:
Sign A Image
Test step and expected result:
1. Create a new user(UA);
2. Create a new private project(PA) by user(UA);
3. Add user(UA) as a member of project(PA) with project-admin role;
4. Get private project of user(UA), user(UA) can see only one private project which is project(PA);
5. Create a new repository(RA) and tag(TA) in project(PA) by user(UA);
6. Sign image with tag(TA) which was tagged by step #5;
7. Get signature of image with tag(TA), it should be exist.
Tear down:
NA
"""
url = ADMIN_CLIENT["endpoint"]
user_001_password = "******"
#1. Create user-001
TestProjects.user_sign_image_id, user_sign_image_name = self.user.create_user(
user_password=user_001_password, **ADMIN_CLIENT)
TestProjects.USER_sign_image_CLIENT = dict(
with_signature=True,
endpoint=url,
username=user_sign_image_name,
password=user_001_password)
#2. Create a new private project(PA) by user(UA);
TestProjects.project_sign_image_id, TestProjects.project_sign_image_name = self.project.create_project(
metadata={"public": "false"}, **ADMIN_CLIENT)
#3. Add user(UA) as a member of project(PA) with project-admin role;
self.project.add_project_members(
TestProjects.project_sign_image_id,
user_id=TestProjects.user_sign_image_id,
**ADMIN_CLIENT)
#4. Get private project of user(UA), user(UA) can see only one private project which is project(PA);
self.project.projects_should_exist(
dict(public=False),
expected_count=1,
expected_project_id=TestProjects.project_sign_image_id,
**TestProjects.USER_sign_image_CLIENT)
#Note:busybox is pulled in setup phase, and setup is a essential phase.
image = "busybox"
tag = "latest"
#5. Create a new repository(RA) and tag(TA) in project(PA) by user(UA);
#TestProjects.repo_name, tag = push_self_build_image_to_project(TestProjects.project_sign_image_name, harbor_server, user_sign_image_name, user_001_password, image, src_tag)
#6. Sign image with tag(TA) which was tagged by step #5;
sign_image(harbor_server, TestProjects.project_sign_image_name, image,
tag)
#7. Get signature of image with tag(TA), it should be exist.
artifact = self.artifact.get_reference_info(
TestProjects.project_sign_image_name, image, tag,
**TestProjects.USER_sign_image_CLIENT)
self.assertEqual(artifact.tags[0].signed, True)
push_special_image_to_project(TestProjects.project_sign_image_name,
harbor_server, user_sign_image_name,
user_001_password, self.repo_name_1,
['1.0'])
self.repo.delete_repository(TestProjects.project_sign_image_name,
self.repo_name_1,
**TestProjects.USER_sign_image_CLIENT)
self.repo.delete_repository(
TestProjects.project_sign_image_name,
image,
expect_status_code=412,
expect_response_body="with signature cannot be deleted",
**TestProjects.USER_sign_image_CLIENT)
class TestTagImmutability(unittest.TestCase):
@suppress_urllib3_warning
def setUp(self):
self.url = ADMIN_CLIENT["endpoint"]
self.user_password = "******"
self.project= Project()
self.user= User()
self.repo= Repository()
self.registry = Registry()
self.artifact = Artifact()
self.tag_immutability = Tag_Immutability()
self.project_id, self.project_name, self.user_id, self.user_name = [None] * 4
self.user_id, self.user_name = self.user.create_user(user_password = self.user_password, **ADMIN_CLIENT)
self.USER_CLIENT = dict(with_signature = True, with_immutable_status = True, endpoint = self.url, username = self.user_name, password = self.user_password)
self.exsiting_rule = dict(selector_repository="rel*", selector_tag="v2.*")
self.project_id, self.project_name = self.project.create_project(metadata = {"public": "false"}, **self.USER_CLIENT)
@unittest.skipIf(TEARDOWN == False, "Test data won't be erased.")
def tearDown(self):
print("Case completed")
def check_tag_immutability(self, artifact, tag_name, status = True):
for tag in artifact.tags:
if tag.name == tag_name:
self.assertTrue(tag.immutable == status)
return
raise Exception("No tag {} found in artifact {}".format(tag, artifact))
def test_disability_of_rules(self):
"""
Test case:
Test Disability Of Rules
Test step and expected result:
1. Create a new project;
2. Push image A to the project with 2 tags A and B;
3. Create a disabled rule matched image A with tag A;
4. Both tags of image A should not be immutable;
5. Enable this rule;
6. image A with tag A should be immutable.
"""
image_a = dict(name="image_disability_a", tag1="latest", tag2="6.2.2")
#1. Create a new project;
project_id, project_name = self.project.create_project(metadata = {"public": "false"}, **self.USER_CLIENT)
#2. Push image A to the project with 2 tags;
push_special_image_to_project(project_name, harbor_server, self.user_name, self.user_password, image_a["name"], [image_a["tag1"], image_a["tag2"]])
#3. Create a disabled rule matched image A;
rule_id = self.tag_immutability.create_rule(project_id, disabled = True, selector_repository=image_a["name"], selector_tag=str(image_a["tag1"])[0:2] + "*", **self.USER_CLIENT)
#4. Both tags of image A should not be immutable;
artifact_a = self.artifact.get_reference_info(project_name, image_a["name"], image_a["tag2"], **self.USER_CLIENT)
print("[test_disability_of_rules] - artifact:{}".format(artifact_a))
self.assertTrue(artifact_a)
self.check_tag_immutability(artifact_a, image_a["tag1"], status = False)
self.check_tag_immutability(artifact_a, image_a["tag2"], status = False)
#5. Enable this rule;
self.tag_immutability.update_tag_immutability_policy_rule(project_id, rule_id, disabled = False, **self.USER_CLIENT)
#6. image A with tag A should be immutable.
artifact_a = self.artifact.get_reference_info(project_name, image_a["name"], image_a["tag2"], **self.USER_CLIENT)
print("[test_disability_of_rules] - artifact:{}".format(artifact_a))
self.assertTrue(artifact_a)
self.check_tag_immutability(artifact_a, image_a["tag1"], status = True)
self.check_tag_immutability(artifact_a, image_a["tag2"], status = False)
def test_artifact_and_repo_is_undeletable(self):
"""
Test case:
Test Artifact And Repo is Undeleteable
Test step and expected result:
1. Create a new project;
2. Push image A to the project with 2 tags A and B;
3. Create a enabled rule matched image A with tag A;
4. Tag A should be immutable;
5. Artifact is undeletable;
6. Repository is undeletable.
"""
image_a = dict(name="image_repo_undeletable_a", tag1="latest", tag2="1.3.2")
#1. Create a new project;
project_id, project_name = self.project.create_project(metadata = {"public": "false"}, **self.USER_CLIENT)
#2. Push image A to the project with 2 tags A and B;
push_special_image_to_project(project_name, harbor_server, self.user_name, self.user_password, image_a["name"], [image_a["tag1"], image_a["tag2"]])
#3. Create a enabled rule matched image A with tag A;
self.tag_immutability.create_rule(project_id, selector_repository=image_a["name"], selector_tag=str(image_a["tag1"])[0:2] + "*", **self.USER_CLIENT)
#4. Tag A should be immutable;
artifact_a = self.artifact.get_reference_info(project_name, image_a["name"], image_a["tag2"], **self.USER_CLIENT)
print("[test_artifact_and_repo_is_undeletable] - artifact:{}".format(artifact_a))
self.assertTrue(artifact_a)
self.check_tag_immutability(artifact_a, image_a["tag1"], status = True)
self.check_tag_immutability(artifact_a, image_a["tag2"], status = False)
#5. Artifact is undeletable;
self.artifact.delete_artifact(project_name, image_a["name"], image_a["tag1"], expect_status_code = 412,expect_response_body = "configured as immutable, cannot be deleted", **self.USER_CLIENT)
#6. Repository is undeletable.
self.repo.delete_repository(project_name, image_a["name"], expect_status_code = 412, expect_response_body = "configured as immutable, cannot be deleted", **self.USER_CLIENT)
def test_tag_is_undeletable(self):
"""
Test case:
Test Tag is Undeleteable
Test step and expected result:
1. Push image A to the project with 2 tags A and B;
2. Create a enabled rule matched image A with tag A;
3. Tag A should be immutable;
4. Tag A is undeletable;
5. Tag B is deletable.
"""
image_a = dict(name="image_undeletable_a", tag1="latest", tag2="9.3.2")
#1. Push image A to the project with 2 tags A and B;
push_special_image_to_project(self.project_name, harbor_server, self.user_name, self.user_password, image_a["name"], [image_a["tag1"], image_a["tag2"]])
#2. Create a enabled rule matched image A with tag A;
self.tag_immutability.create_rule(self.project_id, selector_repository=image_a["name"], selector_tag=str(image_a["tag2"])[0:2] + "*", **self.USER_CLIENT)
#3. Tag A should be immutable;
artifact_a = self.artifact.get_reference_info(self.project_name, image_a["name"], image_a["tag2"], **self.USER_CLIENT)
print("[test_tag_is_undeletable] - artifact:{}".format(artifact_a))
self.assertTrue(artifact_a)
self.check_tag_immutability(artifact_a, image_a["tag2"], status = True)
#4. Tag A is undeletable;
self.artifact.delete_tag(self.project_name, image_a["name"], image_a["tag1"], image_a["tag2"], expect_status_code = 412, **self.USER_CLIENT)
#5. Tag B is deletable.
self.artifact.delete_tag(self.project_name, image_a["name"], image_a["tag1"], image_a["tag1"], **self.USER_CLIENT)
def test_image_is_unpushable(self):
"""
Test case:
Test Image is Unpushable
Test step and expected result:
1. Create a new project;
2. Push image A to the project with 2 tags A and B;
3. Create a enabled rule matched image A with tag A;
4. Tag A should be immutable;
5. Can not push image with the same image name and with the same tag name.
"""
image_a = dict(name="image_unpushable_a", tag1="latest", tag2="1.3.2")
#1. Create a new project;
project_id, project_name = self.project.create_project(metadata = {"public": "false"}, **self.USER_CLIENT)
#2. Push image A to the project with 2 tags A and B;
push_special_image_to_project(project_name, harbor_server, self.user_name, self.user_password, image_a["name"], [image_a["tag1"], image_a["tag2"]])
#3. Create a enabled rule matched image A with tag A;
self.tag_immutability.create_rule(project_id, selector_repository=image_a["name"], selector_tag=str(image_a["tag1"])[0:2] + "*", **self.USER_CLIENT)
#4. Tag A should be immutable;
artifact_a = self.artifact.get_reference_info(project_name, image_a["name"], image_a["tag2"], **self.USER_CLIENT)
print("[test_image_is_unpushable] - artifact:{}".format(artifact_a))
self.assertTrue(artifact_a)
self.check_tag_immutability(artifact_a, image_a["tag1"], status = True)
self.check_tag_immutability(artifact_a, image_a["tag2"], status = False)
#5. Can not push image with the same image name and with the same tag name.
push_special_image_to_project(project_name, harbor_server, self.user_name, self.user_password, image_a["name"], [image_a["tag1"]], size=10
, expected_error_message = "configured as immutable")
def test_copy_disability(self):
"""
Test case:
Test Copy Disability
Test step and expected result:
1. Create 2 projects;
2. Push image A with tag A and B to project A, push image B which has the same image name and tag name to project B;
3. Create a enabled rule matched image A with tag A;
4. Tag A should be immutable;
5. Can not copy artifact from project A to project B with the same repository name.
"""
image_a = dict(name="image_copy_disability_a", tag1="latest", tag2="1.3.2")
#1. Create 2 projects;
project_id, project_name = self.project.create_project(metadata = {"public": "false"}, **self.USER_CLIENT)
_, project_name_src = self.project.create_project(metadata = {"public": "false"}, **self.USER_CLIENT)
#2. Push image A with tag A and B to project A, push image B which has the same image name and tag name to project B;
push_special_image_to_project(project_name, harbor_server, self.user_name, self.user_password, image_a["name"], [image_a["tag1"], image_a["tag2"]])
push_special_image_to_project(project_name_src, harbor_server, self.user_name, self.user_password, image_a["name"], [image_a["tag1"], image_a["tag2"]])
#3. Create a enabled rule matched image A with tag A;
self.tag_immutability.create_rule(project_id, selector_repository=image_a["name"], selector_tag=str(image_a["tag1"])[0:2] + "*", **self.USER_CLIENT)
#4. Tag A should be immutable;
artifact_a = self.artifact.get_reference_info(project_name, image_a["name"], image_a["tag2"], **self.USER_CLIENT)
print("[test_copy_disability] - artifact:{}".format(artifact_a))
self.assertTrue(artifact_a)
self.check_tag_immutability(artifact_a, image_a["tag1"], status = True)
self.check_tag_immutability(artifact_a, image_a["tag2"], status = False)
#5. Can not copy artifact from project A to project B with the same repository name.
artifact_a_src = self.artifact.get_reference_info(project_name_src, image_a["name"], image_a["tag2"], **self.USER_CLIENT)
print("[test_copy_disability] - artifact_a_src:{}".format(artifact_a_src))
self.artifact.copy_artifact(project_name, image_a["name"], project_name_src+"/"+ image_a["name"] + "@" + artifact_a_src.digest, expect_status_code=412, expect_response_body = "configured as immutable, cannot be updated", **self.USER_CLIENT)
#def test_replication_disability(self):
# pass
def test_priority_of_rules(self):
"""
Test case:
Test Priority Of Rules(excluding rule will not affect matching rule)
Test step and expected result:
1. Push image A, B and C, image A has only 1 tag named tag1;
2. Create a matching rule that matches image A and tag named tag2 which is not exist;
3. Create a excluding rule to exlude image A and B;
4. Add a tag named tag2 to image A, tag2 should be immutable;
5. Tag2 should be immutable;
6. All tags in image B should be immutable;
7. All tags in image C should not be immutable;
8. Disable all rules.
"""
image_a = dict(name="image_priority_a", tag1="latest", tag2="6.3.2")
image_b = dict(name="image_priority_b", tag1="latest", tag2="0.12.0")
image_c = dict(name="image_priority_c", tag1="latest", tag2="3.12.0")
#1. Push image A, B and C, image A has only 1 tag named tag1;
push_special_image_to_project(self.project_name, harbor_server, self.user_name, self.user_password, image_a["name"], [image_a["tag1"]])
push_special_image_to_project(self.project_name, harbor_server, self.user_name, self.user_password, image_b["name"], [image_b["tag1"],image_b["tag2"]])
push_special_image_to_project(self.project_name, harbor_server, self.user_name, self.user_password, image_c["name"], [image_c["tag1"],image_c["tag2"]])
#2. Create a matching rule that matches image A and tag named tag2 which is not exist;
rule_id_1 = self.tag_immutability.create_rule(self.project_id, selector_repository=image_a["name"], selector_tag=image_a["tag2"], **self.USER_CLIENT)
#3. Create a excluding rule to exlude image A and B;
rule_id_2 = self.tag_immutability.create_rule(self.project_id, selector_repository_decoration = "repoExcludes",
selector_repository="{image_priority_a,image_priority_b}", selector_tag="**", **self.USER_CLIENT)
#4. Add a tag named tag2 to image A, tag2 should be immutable;
self.artifact.create_tag(self.project_name, image_a["name"], image_a["tag1"], image_a["tag2"], **self.USER_CLIENT)
#5. Tag2 should be immutable;
artifact_a = self.artifact.get_reference_info(self.project_name, image_a["name"], image_a["tag2"], **self.USER_CLIENT)
print("[test_priority_of_rules] - artifact:{}".format(artifact_a))
self.assertTrue(artifact_a)
self.check_tag_immutability(artifact_a, image_a["tag2"], status = True)
self.check_tag_immutability(artifact_a, image_a["tag1"], status = False)
#6. All tags in image B should be immutable;
artifact_b = self.artifact.get_reference_info(self.project_name, image_b["name"], image_b["tag2"], **self.USER_CLIENT)
print("[test_priority_of_rules] - artifact:{}".format(artifact_b))
self.assertTrue(artifact_b)
self.check_tag_immutability(artifact_b, image_b["tag2"], status = False)
self.check_tag_immutability(artifact_b, image_b["tag1"], status = False)
#7. All tags in image C should not be immutable;
artifact_c = self.artifact.get_reference_info(self.project_name, image_c["name"], image_c["tag2"], **self.USER_CLIENT)
print("[test_priority_of_rules] - artifact:{}".format(artifact_c))
self.assertTrue(artifact_c)
self.check_tag_immutability(artifact_c, image_c["tag2"], status = True)
self.check_tag_immutability(artifact_c, image_c["tag1"], status = True)
#8. Disable all rules.
self.tag_immutability.update_tag_immutability_policy_rule(self.project_id, rule_id_1, disabled = True, **self.USER_CLIENT)
self.tag_immutability.update_tag_immutability_policy_rule(self.project_id, rule_id_2, disabled = True, **self.USER_CLIENT)
def test_add_exsiting_rule(self):
"""
Test case:
Test Priority Of Rules(excluding rule will not affect matching rule)
Test step and expected result:
1. Push image A and B with no tag;
2. Create a immutability policy rule A;
3. Fail to create rule B which has the same config as rule A;
"""
self.tag_immutability.create_tag_immutability_policy_rule(self.project_id, **self.exsiting_rule, **self.USER_CLIENT)
self.tag_immutability.create_tag_immutability_policy_rule(self.project_id, **self.exsiting_rule, expect_status_code = 409, **self.USER_CLIENT)
class TestRobotAccount(unittest.TestCase):
@suppress_urllib3_warning
def setUp(self):
self.project = Project()
self.user = User()
self.repo = Repository()
self.artifact = Artifact()
self.robot = Robot()
self.scan = Scan()
self.label = Label()
self.chart= Chart()
TestRobotAccount.url = ADMIN_CLIENT["endpoint"]
TestRobotAccount.user_ra_password = "******"
print("setup")
@unittest.skipIf(TEARDOWN == True, "Test data won't be erased.")
def do_01_tearDown(self):
#1. Delete repository(RA) by user(UA);
self.repo.delete_repository(self.project_ra_name_a, self.repo_name_in_project_a.split('/')[1], **self.USER_RA_CLIENT)
self.repo.delete_repository(self.project_ra_name_b, self.repo_name_in_project_b.split('/')[1], **self.USER_RA_CLIENT)
self.repo.delete_repository(self.project_ra_name_c, self.repo_name_in_project_c.split('/')[1], **self.USER_RA_CLIENT)
self.repo.delete_repository(self.project_ra_name_a, self.repo_name_pa.split('/')[1], **self.USER_RA_CLIENT)
#2. Delete project(PA);
self.project.delete_project(self.project_ra_id_a, **self.USER_RA_CLIENT)
self.project.delete_project(self.project_ra_id_b, **self.USER_RA_CLIENT)
self.project.delete_project(self.project_ra_id_c, **self.USER_RA_CLIENT)
#3. Delete user(UA).
self.user.delete_user(self.user_ra_id, **ADMIN_CLIENT)
def test_01_ProjectlevelRobotAccount(self):
"""
Test case:
Robot Account
Test step and expected result:
1. Create user(UA);
2. Create private project(PA), private project(PB) and public project(PC) by user(UA);
3. Push image(ImagePA) to project(PA), image(ImagePB) to project(PB) and image(ImagePC) to project(PC) by user(UA);
4. Create a new robot account(RA) with pull and push privilige in project(PA) by user(UA);
5. Check robot account info, it should has both pull and push priviliges;
6. Pull image(ImagePA) from project(PA) by robot account(RA), it must be successful;
7. Push image(ImageRA) to project(PA) by robot account(RA), it must be successful;
8. Push image(ImageRA) to project(PB) by robot account(RA), it must be not successful;
9. Pull image(ImagePB) from project(PB) by robot account(RA), it must be not successful;
10. Pull image from project(PC), it must be successful;
11. Push image(ImageRA) to project(PC) by robot account(RA), it must be not successful;
12. Update action property of robot account(RA);
13. Pull image(ImagePA) from project(PA) by robot account(RA), it must be not successful;
14. Push image(ImageRA) to project(PA) by robot account(RA), it must be not successful;
15. Delete robot account(RA), it must be not successful.
Tear down:
1. Delete repository(RA) by user(UA);
2. Delete project(PA);
3. Delete user(UA).
"""
image_project_a = "haproxy"
image_project_b = "hello-world"
image_project_c = "httpd"
image_robot_account = "alpine"
tag = "latest"
#1. Create user(UA);"
self.user_ra_id, user_ra_name = self.user.create_user(user_password = TestRobotAccount.user_ra_password, **ADMIN_CLIENT)
self.USER_RA_CLIENT=dict(endpoint = TestRobotAccount.url, username = user_ra_name, password = TestRobotAccount.user_ra_password)
#2. Create private project(PA), private project(PB) and public project(PC) by user(UA);
self.project_ra_id_a, self.project_ra_name_a = self.project.create_project(metadata = {"public": "false"}, **self.USER_RA_CLIENT)
self.project_ra_id_b, self.project_ra_name_b = self.project.create_project(metadata = {"public": "false"}, **self.USER_RA_CLIENT)
self.project_ra_id_c, self.project_ra_name_c = self.project.create_project(metadata = {"public": "true"}, **self.USER_RA_CLIENT)
#3. Push image(ImagePA) to project(PA), image(ImagePB) to project(PB) and image(ImagePC) to project(PC) by user(UA);
self.repo_name_in_project_a, tag_a = push_self_build_image_to_project(self.project_ra_name_a, harbor_server, user_ra_name, TestRobotAccount.user_ra_password, image_project_a, tag)
self.repo_name_in_project_b, tag_b = push_self_build_image_to_project(self.project_ra_name_b, harbor_server, user_ra_name, TestRobotAccount.user_ra_password, image_project_b, tag)
self.repo_name_in_project_c, tag_c = push_self_build_image_to_project(self.project_ra_name_c, harbor_server, user_ra_name, TestRobotAccount.user_ra_password, image_project_c, tag)
#4. Create a new robot account(RA) with pull and push privilege in project(PA) by user(UA);
robot_id, robot_account = self.robot.create_project_robot(self.project_ra_name_a,
30 ,**self.USER_RA_CLIENT)
#5. Check robot account info, it should has both pull and push privilege;
data = self.robot.get_robot_account_by_id(robot_id, **self.USER_RA_CLIENT)
_assert_status_code(robot_account.name, data.name)
#6. Pull image(ImagePA) from project(PA) by robot account(RA), it must be successful;
pull_harbor_image(harbor_server, robot_account.name, robot_account.secret, self.repo_name_in_project_a, tag_a)
#7. Push image(ImageRA) to project(PA) by robot account(RA), it must be successful;
self.repo_name_pa, _ = push_self_build_image_to_project(self.project_ra_name_a, harbor_server, robot_account.name, robot_account.secret, image_robot_account, tag)
#8. Push image(ImageRA) to project(PB) by robot account(RA), it must be not successful;
push_self_build_image_to_project(self.project_ra_name_b, harbor_server, robot_account.name, robot_account.secret, image_robot_account, tag, expected_error_message = "unauthorized to access repository")
#9. Pull image(ImagePB) from project(PB) by robot account(RA), it must be not successful;
pull_harbor_image(harbor_server, robot_account.name, robot_account.secret, self.repo_name_in_project_b, tag_b, expected_error_message = "unauthorized to access repository")
#10. Pull image from project(PC), it must be successful;
pull_harbor_image(harbor_server, robot_account.name, robot_account.secret, self.repo_name_in_project_c, tag_c)
#11. Push image(ImageRA) to project(PC) by robot account(RA), it must be not successful;
push_self_build_image_to_project(self.project_ra_name_c, harbor_server, robot_account.name, robot_account.secret, image_robot_account, tag, expected_error_message = "unauthorized to access repository")
#12. Update action property of robot account(RA);"
self.robot.disable_robot_account(robot_id, True, **self.USER_RA_CLIENT)
#13. Pull image(ImagePA) from project(PA) by robot account(RA), it must be not successful;
pull_harbor_image(harbor_server, robot_account.name, robot_account.secret, self.repo_name_in_project_a, tag_a, expected_login_error_message = "unauthorized: authentication required")
#14. Push image(ImageRA) to project(PA) by robot account(RA), it must be not successful;
push_self_build_image_to_project(self.project_ra_name_a, harbor_server, robot_account.name, robot_account.secret, image_robot_account, tag, expected_login_error_message = "unauthorized: authentication required")
#15. Delete robot account(RA), it must be not successful.
self.robot.delete_robot_account(robot_id, **self.USER_RA_CLIENT)
self.do_01_tearDown()
def verify_repository_pushable(self, project_access_list, system_ra_client):
for project_access in project_access_list:
print(r"project_access:", project_access)
if project_access["check_list"][1]: #---repository:push---
repo = push_self_build_image_to_project(project_access["project_name"], harbor_server, system_ra_client["username"], system_ra_client["password"], "test_pushable"+base._random_name("repo"), "v6.8.1"+base._random_name("tag"))
else:
push_self_build_image_to_project(project_access["project_name"], harbor_server, system_ra_client["username"], system_ra_client["password"], "test_unpushable"+base._random_name("repo"), "v6.8.1"+base._random_name("tag"), expected_error_message = "unauthorized to access repository")
def verify_repository_unpushable(self, project_access_list, system_ra_client, expected_login_error_message = "unauthorized: authentication required", expected_error_message = ""):
for project_access in project_access_list: #---repository:push---
push_self_build_image_to_project(
project_access["project_name"],
harbor_server, system_ra_client["username"], system_ra_client["password"],
"test_unpushable"+base._random_name("repo"), "v6.8.1"+base._random_name("tag"),
expected_login_error_message = expected_login_error_message,
expected_error_message = expected_error_message
)
def test_02_SystemlevelRobotAccount(self):
"""
Test case:
Robot Account
Test step and expected result:
1. Define a number of access lists;
2. Create the same number of private projects;
3. Create a system robot account has permission for those projects;
4. Verify the system robot account has all the corresponding rights;
5. Disable the system robot account;
6. Verify the system robot account has no the corresponding rights;
7. Enable the system robot account;
8. Verify the system robot account has the corresponding rights;
9. Refresh secret for the system robot account;
10. Verify the system robot account has no the corresponding right with the old secret already;
11. Verify the system robot account still has the corresponding right with the new secret;
12. List system robot account, then add a new project to the system robot account project permission list;
13. Verify the system robot account has the corresponding right for this new project;
14. Edit the system robot account as removing this new project from it;
15. Verify the system robot account has no the corresponding right for this new project;
16. Delete this project;
17. List system robot account successfully;
18. Delete the system robot account;
19. Verify the system robot account has no the corresponding right;
20. Add a system robot account with all projects coverd;
21. Verify the system robot account has no the corresponding right;
"""
#1. Define a number of access lists;
CHART_FILE_LIST = [dict(name = 'prometheus', version='7.0.2'), dict(name = 'harbor', version='0.2.0')]
for i in range(2):
base.run_command( ["curl", r"-o", "./tests/apitests/python/{}-{}.tgz".format(CHART_FILE_LIST[i]["name"], CHART_FILE_LIST[i]["version"]), "https://storage.googleapis.com/harbor-builds/helm-chart-test-files/{}-{}.tgz".format(CHART_FILE_LIST[i]["name"], CHART_FILE_LIST[i]["version"])])
#Make sure that whether 'True' or 'False' must be included in each line or row.
check_list = [
[True, True, True, True, True, True, False, True, False, True],
[False, False, False, False, True, True, False, True, True, False],
[True, False, True, False, True, False, True, False, True, True],
[False, False, False, True, False, True, False, True, True, False]
]
access_list_list = []
for i in range(len(check_list)):
access_list_list.append(self.robot.create_access_list(check_list[i]))
#2. Create the same number of private projects;
robot_account_Permissions_list = []
project_access_list = []
for i in range(len(check_list)):
with created_user(TestRobotAccount.user_ra_password, _teardown = False) as (user_id, username):
with created_project(metadata={"public": "false"}, user_id=user_id, _teardown = False) as (project_id, project_name):
project_access_list.append(dict(project_name = project_name, project_id = project_id, check_list = check_list[i]))
robot_account_Permissions = v2_swagger_client.RobotPermission(kind = "project", namespace = project_name, access = access_list_list[i])
robot_account_Permissions_list.append(robot_account_Permissions)
#3. Create a system robot account has permission for those projects;
system_robot_account_id, system_robot_account = self.robot.create_system_robot(robot_account_Permissions_list, 300)
print("system_robot_account:", system_robot_account)
SYSTEM_RA_CLIENT = dict(endpoint = TestRobotAccount.url, username = system_robot_account.name, password = system_robot_account.secret)
SYSTEM_RA_CHART_CLIENT = dict(endpoint = CHART_API_CLIENT["endpoint"], username = SYSTEM_RA_CLIENT["username"], password = SYSTEM_RA_CLIENT["password"])
#4. Verify the system robot account has all the corresponding rights;
for project_access in project_access_list:
print(r"project_access:", project_access)
if project_access["check_list"][1]: #---repository:push---
repo = push_self_build_image_to_project(project_access["project_name"], harbor_server, SYSTEM_RA_CLIENT["username"], SYSTEM_RA_CLIENT["password"], "test_pushable", "v6.8.1")
else:
push_self_build_image_to_project(project_access["project_name"], harbor_server, SYSTEM_RA_CLIENT["username"], SYSTEM_RA_CLIENT["password"], "test_unpushable", "v6.8.1", expected_error_message = "unauthorized to access repository")
tag_for_del = "v1.0.0"
repo_name, tag = push_self_build_image_to_project(project_access["project_name"], harbor_server, ADMIN_CLIENT["username"], ADMIN_CLIENT["password"], "test_del_artifact", tag_for_del)
if project_access["check_list"][0]: #---repository:pull---
pull_harbor_image(harbor_server, SYSTEM_RA_CLIENT["username"], SYSTEM_RA_CLIENT["password"], repo_name, tag_for_del)
else:
pull_harbor_image(harbor_server, SYSTEM_RA_CLIENT["username"], SYSTEM_RA_CLIENT["password"], repo_name, tag_for_del, expected_error_message = "action: pull: unauthorized to access repository")
if project_access["check_list"][2]: #---artifact:delete---
self.artifact.delete_artifact(project_access["project_name"], repo_name.split('/')[1], tag_for_del, **SYSTEM_RA_CLIENT)
else:
self.artifact.delete_artifact(project_access["project_name"], repo_name.split('/')[1], tag_for_del, expect_status_code = 403, **SYSTEM_RA_CLIENT)
#Prepare for chart read and delete
self.chart.upload_chart(project_access["project_name"], r'./tests/apitests/python/{}-{}.tgz'.format(CHART_FILE_LIST[1]["name"], CHART_FILE_LIST[1]["version"]), **CHART_API_CLIENT)
if project_access["check_list"][3]: #---helm-chart:read---
library.helm.helm2_fetch_chart_file("chart_repo_" + base._random_name("repo"), harbor_url, project_access["project_name"], SYSTEM_RA_CLIENT["username"], SYSTEM_RA_CLIENT["password"], CHART_FILE_LIST[1]["name"])
else:
library.helm.helm2_fetch_chart_file("chart_repo_" + base._random_name("repo"), harbor_url, project_access["project_name"], SYSTEM_RA_CLIENT["username"], SYSTEM_RA_CLIENT["password"], CHART_FILE_LIST[1]["name"], expected_add_repo_error_message = "403 Forbidden")
if project_access["check_list"][4]: #---helm-chart-version:create---
self.chart.upload_chart(project_access["project_name"], r'./tests/apitests/python/{}-{}.tgz'.format(CHART_FILE_LIST[0]["name"], CHART_FILE_LIST[0]["version"]), **SYSTEM_RA_CHART_CLIENT)
else:
self.chart.upload_chart(project_access["project_name"], r'./tests/apitests/python/{}-{}.tgz'.format(CHART_FILE_LIST[0]["name"], CHART_FILE_LIST[0]["version"]), expect_status_code = 403, **SYSTEM_RA_CHART_CLIENT)
if project_access["check_list"][5]: #---helm-chart-version:delete---
self.chart.delete_chart_with_version(project_access["project_name"], CHART_FILE_LIST[1]["name"], CHART_FILE_LIST[1]["version"], **SYSTEM_RA_CHART_CLIENT)
else:
self.chart.delete_chart_with_version(project_access["project_name"], CHART_FILE_LIST[1]["name"], CHART_FILE_LIST[1]["version"], expect_status_code = 403, **SYSTEM_RA_CHART_CLIENT)
repo_name, tag = push_self_build_image_to_project(project_access["project_name"], harbor_server, ADMIN_CLIENT["username"], ADMIN_CLIENT["password"], "test_create_tag", "latest_1")
self.artifact.create_tag(project_access["project_name"], repo_name.split('/')[1], tag, "for_delete", **ADMIN_CLIENT)
if project_access["check_list"][6]: #---tag:create---
self.artifact.create_tag(project_access["project_name"], repo_name.split('/')[1], tag, "1.0", **SYSTEM_RA_CLIENT)
else:
self.artifact.create_tag(project_access["project_name"], repo_name.split('/')[1], tag, "1.0", expect_status_code = 403, **SYSTEM_RA_CLIENT)
if project_access["check_list"][7]: #---tag:delete---
self.artifact.delete_tag(project_access["project_name"], repo_name.split('/')[1], tag, "for_delete", **SYSTEM_RA_CLIENT)
else:
self.artifact.delete_tag(project_access["project_name"], repo_name.split('/')[1], tag, "for_delete", expect_status_code = 403, **SYSTEM_RA_CLIENT)
repo_name, tag = push_self_build_image_to_project(project_access["project_name"], harbor_server, ADMIN_CLIENT["username"], ADMIN_CLIENT["password"], "test_create_artifact_label", "latest_1")
#Add project level label to artifact
label_id, _ = self.label.create_label(project_id = project_access["project_id"], scope = "p", **ADMIN_CLIENT)
if project_access["check_list"][8]: #---artifact-label:create---
self.artifact.add_label_to_reference(project_access["project_name"], repo_name.split('/')[1], tag, int(label_id), **SYSTEM_RA_CLIENT)
else:
self.artifact.add_label_to_reference(project_access["project_name"], repo_name.split('/')[1], tag, int(label_id), expect_status_code = 403, **SYSTEM_RA_CLIENT)
if project_access["check_list"][9]: #---scan:create---
self.scan.scan_artifact(project_access["project_name"], repo_name.split('/')[1], tag, **SYSTEM_RA_CLIENT)
else:
self.scan.scan_artifact(project_access["project_name"], repo_name.split('/')[1], tag, expect_status_code = 403, **SYSTEM_RA_CLIENT)
#5. Disable the system robot account;
self.robot.update_system_robot_account(system_robot_account_id, system_robot_account.name, robot_account_Permissions_list, disable = True, **ADMIN_CLIENT)
#6. Verify the system robot account has no the corresponding rights;
self.verify_repository_unpushable(project_access_list, SYSTEM_RA_CLIENT)
#7. Enable the system robot account;
self.robot.update_system_robot_account(system_robot_account_id, system_robot_account.name, robot_account_Permissions_list, disable = False, **ADMIN_CLIENT)
#8. Verify the system robot account has the corresponding rights;
self.verify_repository_pushable(project_access_list, SYSTEM_RA_CLIENT)
#9. Refresh secret for the system robot account;
new_secret = "new_secret_At_321"
self.robot.refresh_robot_account_secret(system_robot_account_id, new_secret, **ADMIN_CLIENT)
#10. Verify the system robot account has no the corresponding right with the old secret already;
self.verify_repository_unpushable(project_access_list, SYSTEM_RA_CLIENT)
#11. Verify the system robot account still has the corresponding right with the new secret;
SYSTEM_RA_CLIENT["password"] = new_secret
self.verify_repository_pushable(project_access_list, SYSTEM_RA_CLIENT)
#12. List system robot account, then add a new project to the system robot account project permission list;
self.robot.list_robot(**ADMIN_CLIENT)
project_for_del_id, project_for_del_name = self.project.create_project(metadata = {"public": "true"}, **ADMIN_CLIENT)
robot_account_Permissions = v2_swagger_client.RobotPermission(kind = "project", namespace = project_for_del_name, access = access_list_list[0])
robot_account_Permissions_list.append(robot_account_Permissions)
self.robot.update_system_robot_account(system_robot_account_id, system_robot_account.name, robot_account_Permissions_list, **ADMIN_CLIENT)
self.robot.list_robot(**ADMIN_CLIENT)
#13. Verify the system robot account has the corresponding right for this new project;
project_access_list.append(dict(project_name = project_for_del_name, project_id = project_for_del_id, check_list = [True] * 10))
self.verify_repository_pushable(project_access_list, SYSTEM_RA_CLIENT)
#14. Edit the system robot account as removing this new project from it;
robot_account_Permissions_list.remove(robot_account_Permissions)
self.robot.update_system_robot_account(system_robot_account_id, system_robot_account.name, robot_account_Permissions_list, **ADMIN_CLIENT)
self.robot.list_robot(**ADMIN_CLIENT)
#15. Verify the system robot account has no the corresponding right for this new project;
project_access_list_for_del = [dict(project_name = project_for_del_name, project_id = project_for_del_id, check_list = [True] * 10)]
self.verify_repository_unpushable(
project_access_list_for_del, SYSTEM_RA_CLIENT,
expected_login_error_message = "",
expected_error_message = "action: push: unauthorized to access repository"
)
#16. Delete this project;
self.repo.clear_repositories(project_for_del_name, **ADMIN_CLIENT)
self.project.delete_project(project_for_del_id, **ADMIN_CLIENT)
#17. List system robot account successfully;
self.robot.list_robot(**ADMIN_CLIENT)
#18. Delete the system robot account;
self.robot.delete_robot_account(system_robot_account_id, **ADMIN_CLIENT)
#19. Verify the system robot account has no the corresponding right;
self.verify_repository_unpushable(project_access_list, SYSTEM_RA_CLIENT)
#20. Add a system robot account with all projects coverd;
all_true_access_list= self.robot.create_access_list( [True] * 10 )
robot_account_Permissions_list = []
robot_account_Permissions = v2_swagger_client.RobotPermission(kind = "project", namespace = "*", access = all_true_access_list)
robot_account_Permissions_list.append(robot_account_Permissions)
_, system_robot_account_cover_all = self.robot.create_system_robot(robot_account_Permissions_list, 300)
#21. Verify the system robot account has no the corresponding right;
print("system_robot_account_cover_all:", system_robot_account_cover_all)
SYSTEM_RA_CLIENT_COVER_ALL = dict(endpoint = TestRobotAccount.url, username = system_robot_account_cover_all.name, password = system_robot_account_cover_all.secret)
projects = self.project.get_projects(dict(), **ADMIN_CLIENT)
print("All projects:", projects)
project_access_list = []
for i in range(len(projects)):
project_access_list.append(dict(project_name = projects[i].name, project_id = projects[i].project_id, check_list = all_true_access_list))
self.verify_repository_pushable(project_access_list, SYSTEM_RA_CLIENT_COVER_ALL)
class TestProjects(unittest.TestCase):
@suppress_urllib3_warning
def setUp(self):
self.project = Project()
self.user = User()
self.repo = Repository()
@unittest.skipIf(TEARDOWN == False, "Test data won't be erased.")
def tearDown(self):
#1. Delete repository(RA) by admin;
self.repo.delete_repository(TestProjects.project_alice_name, TestProjects.repo_name.split('/')[1], **ADMIN_CLIENT)
#2. Delete project(Alice);
self.project.delete_project(TestProjects.project_alice_id, **ADMIN_CLIENT)
#3. Delete user Alice, Bob and Carol.
self.user.delete_user(TestProjects.user_alice_id, **ADMIN_CLIENT)
self.user.delete_user(TestProjects.user_bob_id, **ADMIN_CLIENT)
self.user.delete_user(TestProjects.user_carol_id, **ADMIN_CLIENT)
def testManageProjectMember(self):
"""
Test case:
Manage Project members
Test step and expected result:
1. Create user Alice, Bob, Carol;
2. Create private project(Alice) by Alice, Add a repository to project(Alice) by Alice;
3. Bob is not a member of project(Alice);
4. Alice Add Bob as a guest member of project(Alice), Check Bob is a guest member of project(Alice);
5. Update role of Bob to developer of project(Alice), Check Bob is developer member of project(Alice);
6. Update role of Bob to admin member of project(Alice), Check Bob is admin member of project(Alice);
7. Bob add Carol to project(Alice) as a guest member, Carol is a member of project(Alice) as a guest;
8. Alice delete Bob from project(Alice),
Bob is no longer a member of project(Alice) and Bob can see project(Alice),
Carol is still a member of project(Alice) as a guest.
Tear down:
1. Delete repository(RA) by admin;
2. Delete project(Alice);
3. Delete user Alice, Bob and Carol.
"""
url = ADMIN_CLIENT["endpoint"]
user_alice_password = "******"
user_bob_password = "******"
user_carol_password = "******"
#1.1 Create user Alice
TestProjects.user_alice_id, user_alice_name = self.user.create_user(user_password = user_alice_password, **ADMIN_CLIENT)
USER_ALICE_CLIENT=dict(endpoint = url, username = user_alice_name, password = user_alice_password)
#1.2 Create user Bob
TestProjects.user_bob_id, user_bob_name = self.user.create_user(user_password = user_bob_password, **ADMIN_CLIENT)
USER_BOB_CLIENT=dict(endpoint = url, username = user_bob_name, password = user_bob_password)
#1.3 Create user Carol
TestProjects.user_carol_id, user_carol_name = self.user.create_user(user_password = user_carol_password, **ADMIN_CLIENT)
#2.1 Create private project(PA) by Alice
TestProjects.project_alice_id, TestProjects.project_alice_name = self.project.create_project(metadata = {"public": "false"}, **USER_ALICE_CLIENT)
#2.2 Add a repository to project(PA) by Alice
TestProjects.repo_name, _ = push_self_build_image_to_project(TestProjects.project_alice_name, harbor_server, user_alice_name, user_alice_password, "hello-world", "latest")
#3. Bob is not a member of project(PA);
self.project.check_project_member_not_exist(TestProjects.project_alice_id, user_bob_name, **USER_ALICE_CLIENT)
#4.1 Alice Add Bob as a guest member of project(PA)
member_id_bob = self.project.add_project_members(TestProjects.project_alice_id, user_id=TestProjects.user_bob_id, member_role_id = 3, **USER_ALICE_CLIENT)
#4.2 Check Bob is a guest member of project(PA)
self.project.check_project_members_exist(TestProjects.project_alice_id, user_bob_name, expected_member_role_id = 3, user_name = user_bob_name, user_password = user_bob_password, **USER_ALICE_CLIENT)
#5.1 Update role of Bob to developer of project(PA)
self.project.update_project_member_role(TestProjects.project_alice_id, member_id_bob, 2, **USER_ALICE_CLIENT)
#5.2 Check Bob is developer member of project(PA)
self.project.check_project_members_exist(TestProjects.project_alice_id, user_bob_name, expected_member_role_id = 2, user_name = user_bob_name, user_password = user_bob_password, **USER_ALICE_CLIENT)
#6.1 Update role of Bob to admin member of project(PA)
self.project.update_project_member_role(TestProjects.project_alice_id, member_id_bob, 1, **USER_ALICE_CLIENT)
#6.2 Check Bob is admin member of project(PA)
self.project.check_project_members_exist(TestProjects.project_alice_id, user_bob_name, expected_member_role_id = 1, user_name = user_bob_name, user_password = user_bob_password, **USER_ALICE_CLIENT)
#7.1 Bob add Carol to project(PA) as a guest member.
self.project.add_project_members(TestProjects.project_alice_id, TestProjects.user_carol_id, member_role_id = 3, **USER_BOB_CLIENT)
#7.2 Carol is a member of project(PA) as a guest.
self.project.check_project_members_exist(TestProjects.project_alice_id, user_carol_name, expected_member_role_id = 3, user_name = user_carol_name, user_password = user_carol_password, **USER_ALICE_CLIENT)
#8.1 Alice delete Bob from project(PA).
self.project.delete_project_member(TestProjects.project_alice_id, member_id_bob, **USER_ALICE_CLIENT)
#8.2 Bob is no longer a member of project(PA) and Bob can see project(PA).
self.project.check_project_member_not_exist(TestProjects.project_alice_id, user_bob_name, **USER_ALICE_CLIENT)
#8.3 Carol is still a member of project(PA) as a guest.
self.project.check_project_members_exist(TestProjects.project_alice_id, user_carol_name, expected_member_role_id = 3, user_name = user_carol_name, user_password = user_carol_password, **USER_ALICE_CLIENT)
class TestProjects(unittest.TestCase):
@suppress_urllib3_warning
def setUp(self):
self.project = Project()
self.user = User()
self.artifact = Artifact()
self.repo = Repository()
self.url = ADMIN_CLIENT["endpoint"]
self.user_push_chart_password = "******"
self.chart_file = "https://storage.googleapis.com/harbor-builds/helm-chart-test-files/harbor-0.2.0.tgz"
self.archive = "harbor/"
self.verion = "0.2.0"
self.repo_name = "harbor_api_test"
@unittest.skipIf(TEARDOWN == False, "Test data won't be erased.")
def tearDown(self):
#1. Delete repository chart(CA) by user(UA);
self.repo.delete_repository(TestProjects.project_push_chart_name,
self.repo_name, **TestProjects.USER_CLIENT)
#2. Delete project(PA);
self.project.delete_project(TestProjects.project_push_chart_id,
**TestProjects.USER_CLIENT)
#3. Delete user(UA).
self.user.delete_user(TestProjects.user_id, **ADMIN_CLIENT)
def testPushChartByHelmChartCLI(self):
"""
Test case:
Push Chart File By Helm Chart CLI
Test step and expected result:
1. Create a new user(UA);
2. Create a new project(PA) by user(UA);
3. Push an chart(CA) to Harbor by helm3 registry/chart CLI successfully;
4. List artifacts successfully;
5. Get chart(CA) by reference successfully;
6. Get addtion successfully;
7. Delete chart by reference successfully.
Tear down:
1. Delete repository chart(CA) by user(UA);
2. Delete project(PA);
3. Delete user(UA).
"""
#1. Create a new user(UA);
TestProjects.user_id, user_name = self.user.create_user(
user_password=self.user_push_chart_password, **ADMIN_CLIENT)
TestProjects.USER_CLIENT = dict(endpoint=self.url,
username=user_name,
password=self.user_push_chart_password)
#2. Create a new project(PA) by user(UA);
TestProjects.project_push_chart_id, TestProjects.project_push_chart_name = self.project.create_project(
metadata={"public": "false"}, **TestProjects.USER_CLIENT)
#3. Push an chart(CA) to Harbor by helm3 registry/chart CLI successfully;
chart_cli_ret = library.helm.helm_chart_push_to_harbor(
self.chart_file, self.archive, harbor_server,
TestProjects.project_push_chart_name, self.repo_name, self.verion,
user_name, self.user_push_chart_password)
#4. List artifacts successfully;
artifacts = self.artifact.list_artifacts(
TestProjects.project_push_chart_name, self.repo_name,
**TestProjects.USER_CLIENT)
self.assertEqual(artifacts[0].type, 'CHART')
self.assertEqual(artifacts[0].tags[0].name, self.verion)
#5.1 Get chart(CA) by reference successfully;
artifact = self.artifact.get_reference_info(
TestProjects.project_push_chart_name, self.repo_name, self.verion,
**TestProjects.USER_CLIENT)
self.assertEqual(artifact.type, 'CHART')
self.assertEqual(artifact.tags[0].name, self.verion)
#5.2 Chart bundle can be pulled by ctr successfully;
#oci_ref = harbor_server+"/"+TestProjects.project_push_chart_name+"/"+self.repo_name+":"+self.verion
#library.containerd.ctr_images_pull(user_name, self.user_push_chart_password, oci_ref)
#library.containerd.ctr_images_list(oci_ref = oci_ref)
#6. Get addtion successfully;
addition_r = self.artifact.get_addition(
TestProjects.project_push_chart_name, self.repo_name, self.verion,
"readme.md", **TestProjects.USER_CLIENT)
self.assertIn("Helm Chart for Harbor", addition_r[0])
addition_d = self.artifact.get_addition(
TestProjects.project_push_chart_name, self.repo_name, self.verion,
"dependencies", **TestProjects.USER_CLIENT)
self.assertIn("https://kubernetes-charts.storage.googleapis.com",
addition_d[0])
addition_v = self.artifact.get_addition(
TestProjects.project_push_chart_name, self.repo_name, self.verion,
"values.yaml", **TestProjects.USER_CLIENT)
self.assertIn("adminserver", addition_v[0])
#7. Delete chart by reference successfully.
self.artifact.delete_artifact(TestProjects.project_push_chart_name,
self.repo_name, self.verion,
**TestProjects.USER_CLIENT)
class TestProjects(unittest.TestCase):
@suppress_urllib3_warning
def setUp(self):
self.project = Project()
self.user = User()
self.artifact = Artifact()
self.repo = Repository()
self.label = Label()
@unittest.skipIf(TEARDOWN == False, "Test data won't be erased.")
def tearDown(self):
#1. Delete repository(RA) by user(UA);
self.repo.delete_repository(TestProjects.project_add_g_lbl_name,
TestProjects.repo_name.split('/')[1],
**TestProjects.USER_add_g_lbl_CLIENT)
#2. Delete project(PA);
self.project.delete_project(TestProjects.project_add_g_lbl_id,
**TestProjects.USER_add_g_lbl_CLIENT)
#3. Delete user(UA);
self.user.delete_user(TestProjects.user_add_g_lbl_id, **ADMIN_CLIENT)
#4. Delete label(LA).
self.label.delete_label(TestProjects.label_id, **ADMIN_CLIENT)
def testAddSysLabelToRepo(self):
"""
Test case:
Add Global Label To Tag
Test step and expected result:
1. Create a new user(UA);
2. Create a new private project(PA) by user(UA);
3. Add user(UA) as a member of project(PA) with project-admin role;
4. Get private project of user(UA), user(UA) can see only one private project which is project(PA);
5. Create a new repository(RA) and tag(TA) in project(PA) by user(UA);
6. Create a new label(LA) in project(PA) by admin;;
7. Add this system global label to repository(RA)/tag(TA);
Tear down:
1. Delete repository(RA) by user(UA);
2. Delete project(PA);
3. Delete user(UA);
4. Delete label(LA).
"""
url = ADMIN_CLIENT["endpoint"]
user_001_password = "******"
#1. Create user-001
TestProjects.user_add_g_lbl_id, user_add_g_lbl_name = self.user.create_user(
user_password=user_001_password, **ADMIN_CLIENT)
TestProjects.USER_add_g_lbl_CLIENT = dict(endpoint=url,
username=user_add_g_lbl_name,
password=user_001_password)
#2. Create private project-001
TestProjects.project_add_g_lbl_id, TestProjects.project_add_g_lbl_name = self.project.create_project(
metadata={"public": "false"}, **ADMIN_CLIENT)
#3. Add user-001 as a member of project-001 with project-admin role
self.project.add_project_members(
TestProjects.project_add_g_lbl_id,
user_id=TestProjects.user_add_g_lbl_id,
**ADMIN_CLIENT)
#4. Get private project of user(UA), user(UA) can see only one private project which is project(PA);
self.project.projects_should_exist(
dict(public=False),
expected_count=1,
expected_project_id=TestProjects.project_add_g_lbl_id,
**TestProjects.USER_add_g_lbl_CLIENT)
#5. Create a new repository(RA) and tag(TA) in project(PA) by user(UA);
TestProjects.repo_name, tag = push_self_build_image_to_project(
TestProjects.project_add_g_lbl_name, harbor_server,
user_add_g_lbl_name, user_001_password, "test_sys_label", "latest")
#6. Create a new label(LA) in project(PA) by admin;
TestProjects.label_id, _ = self.label.create_label(**ADMIN_CLIENT)
#7. Add this system global label to repository(RA)/tag(TA).
self.artifact.add_label_to_reference(
TestProjects.project_add_g_lbl_name,
TestProjects.repo_name.split('/')[1], tag,
int(TestProjects.label_id), **TestProjects.USER_add_g_lbl_CLIENT)
class TestProjects(unittest.TestCase):
@suppress_urllib3_warning
def setUp(self):
self.project = Project()
self.user = User()
self.replication = Replication()
self.registry = Registry()
self.artifact = Artifact()
self.repo = Repository()
self.image = "alpine"
self.tag = "latest"
@unittest.skipIf(TEARDOWN == False, "Test data won't be erased.")
def tearDown(self):
#1. Delete rule(RA);
self.replication.delete_replication_rule(TestProjects.rule_id,
**ADMIN_CLIENT)
#2. Delete registry(TA);
self.registry.delete_registry(TestProjects.registry_id, **ADMIN_CLIENT)
#1. Delete repository(RA);
self.repo.delete_repository(TestProjects.project_name, self.image,
**TestProjects.USER_add_rule_CLIENT)
#3. Delete project(PA);
self.project.delete_project(TestProjects.project_add_rule_id,
**TestProjects.USER_add_rule_CLIENT)
#4. Delete user(UA);
self.user.delete_user(TestProjects.user_add_rule_id, **ADMIN_CLIENT)
def testReplicationFromDockerhub(self):
"""
Test case:
Replication From Dockerhub
Test step and expected result:
1. Create a new user(UA);
2. Create a new private project(PA) by user(UA);
3. Create a new registry;
4. Create a new rule for this registry;
5. Check rule should be exist;
6. Trigger the rule;
7. Wait for completion of this replication job;
8. Check image is replicated into target project successfully.
Tear down:
1. Delete rule(RA);
2. Delete registry(TA);
3. Delete project(PA);
4. Delete user(UA).
"""
url = ADMIN_CLIENT["endpoint"]
user_add_rule_password = "******"
#1. Create user(UA)
TestProjects.user_add_rule_id, user_add_rule_name = self.user.create_user(
user_password=user_add_rule_password, **ADMIN_CLIENT)
TestProjects.USER_add_rule_CLIENT = dict(
endpoint=url,
username=user_add_rule_name,
password=user_add_rule_password)
#2.1. Create private project(PA) by user(UA)
TestProjects.project_add_rule_id, TestProjects.project_name = self.project.create_project(
metadata={"public": "false"}, **TestProjects.USER_add_rule_CLIENT)
#2.2. Get private project of uesr-001, uesr-001 can see only one private project which is project-001
self.project.projects_should_exist(
dict(public=False),
expected_count=1,
expected_project_id=TestProjects.project_add_rule_id,
**TestProjects.USER_add_rule_CLIENT)
#3. Create a new registry;
TestProjects.registry_id, _ = self.registry.create_registry(
"https://hub.docker.com",
registry_type="docker-hub",
access_key=DOCKER_USER,
access_secret=DOCKER_PWD,
insecure=False,
**ADMIN_CLIENT)
#4. Create a pull-based rule for this registry;
TestProjects.rule_id, rule_name = self.replication.create_replication_policy(
src_registry=swagger_client.Registry(
id=int(TestProjects.registry_id)),
dest_namespace=TestProjects.project_name,
filters=[
v2_swagger_client.ReplicationFilter(type="name",
value="library/" +
self.image),
v2_swagger_client.ReplicationFilter(type="tag", value=self.tag)
],
**ADMIN_CLIENT)
#5. Check rule should be exist;
self.replication.check_replication_rule_should_exist(
TestProjects.rule_id, rule_name, **ADMIN_CLIENT)
#6. Trigger the rule;
self.replication.trigger_replication_executions(
TestProjects.rule_id, **ADMIN_CLIENT)
#7. Wait for completion of this replication job;
self.replication.wait_until_jobs_finish(TestProjects.rule_id,
interval=30,
**ADMIN_CLIENT)
#8. Check image is replicated into target project successfully.
artifact = self.artifact.get_reference_info(TestProjects.project_name,
self.image, self.tag,
**ADMIN_CLIENT)
class TestProjects(unittest.TestCase):
@suppress_urllib3_warning
def setUp(self):
self.project = Project()
self.user = User()
self.artifact = Artifact()
self.repo = Repository()
self.url = ADMIN_CLIENT["endpoint"]
self.user_password = "******"
self.repo_name = "hello-world"
@unittest.skipIf(TEARDOWN == False, "Test data won't be erased.")
def tearDown(self):
#1. Delete repository(RA,IA) by user(UA);
self.repo.delete_repository(TestProjects.project_name, self.repo_name,
**TestProjects.USER_CLIENT)
#2. Delete project(PA);
self.project.delete_project(TestProjects.project_id,
**TestProjects.USER_CLIENT)
#3. Delete user(UA).
self.user.delete_user(TestProjects.user_id, **ADMIN_CLIENT)
print("Case completed")
def testCreateDeleteTag(self):
"""
Test case:
Create/Delete tag
Test step and expected result:
1. Create a new user(UA);
2. Create a new project(PA) by user(UA);
3. Push an image(IA) to Harbor by docker successfully;
4. Create a tag(1.0) for the image(IA);
5. Get the image(latest) from Harbor successfully;
6. Verify the image(IA) contains tag named 1.0;
7. Delete the tag(1.0) from image(IA);
8. Get the image(IA) from Harbor successfully;
9. Verify the image(IA) contains no tag named 1.0;
Tear down:
1. Delete repository(RA,IA) by user(UA);
2. Delete project(PA);
3. Delete user(UA).
"""
#1. Create a new user(UA);
TestProjects.user_id, user_name = self.user.create_user(
user_password=self.user_password, **ADMIN_CLIENT)
TestProjects.USER_CLIENT = dict(with_tag=True,
endpoint=self.url,
username=user_name,
password=self.user_password)
#2. Create a new project(PA) by user(UA);
TestProjects.project_id, TestProjects.project_name = self.project.create_project(
metadata={"public": "false"}, **TestProjects.USER_CLIENT)
#3. Push an image(IA) to Harbor by docker successfully;
repo_name, tag = push_self_build_image_to_project(
TestProjects.project_name, harbor_server, 'admin', 'Harbor12345',
self.repo_name, "latest")
#4. Create a tag(1.0) for the image(IA)
self.artifact.create_tag(TestProjects.project_name, self.repo_name,
tag, "1.0", **TestProjects.USER_CLIENT)
#5. Get the image(IA) from Harbor successfully;
artifact = self.artifact.get_reference_info(TestProjects.project_name,
self.repo_name, tag,
**TestProjects.USER_CLIENT)
#6. Verify the image(IA) contains tag named 1.0;
self.assertEqual(artifact.tags[0].name, "1.0")
self.assertEqual(artifact.tags[1].name, tag)
#7. Delete the tag(1.0) from image(IA);
self.artifact.delete_tag(TestProjects.project_name, self.repo_name,
tag, "1.0", **TestProjects.USER_CLIENT)
#8. Get the image(latest) from Harbor successfully;
artifact = self.artifact.get_reference_info(TestProjects.project_name,
self.repo_name, tag,
**TestProjects.USER_CLIENT)
#9. Verify the image(IA) contains no tag named 1.0;
self.assertEqual(artifact.tags[0].name, tag)
class TestProjects(unittest.TestCase):
@suppress_urllib3_warning
def setUp(self):
self.gc = GC()
self.project = Project()
self.user = User()
self.repo = Repository()
self.artifact = Artifact()
self.repo_name = "test_repo"
self.repo_name_untag = "test_untag"
self.tag = "v1.0"
@unittest.skipIf(TEARDOWN == False, "Test data won't be erased.")
def tearDown(self):
#2. Delete project(PA);
self.project.delete_project(TestProjects.project_gc_id,
**TestProjects.USER_GC_CLIENT)
#3. Delete user(UA);
self.user.delete_user(TestProjects.user_gc_id, **ADMIN_CLIENT)
def testGarbageCollection(self):
"""
Test case:
Garbage Collection
Test step and expected result:
1. Create a new user(UA);
2. Create project(PA) and project(PB) by user(UA);
3. Push a image in project(PA) and then delete repository by admin;
4. Get repository by user(UA), it should get nothing;
5. Tigger garbage collection operation;
6. Check garbage collection job was finished;
7. Get garbage collection log, check there is a number of files was deleted;
8. Push a image in project(PB) by admin and delete the only tag;
9. Tigger garbage collection operation;
10. Check garbage collection job was finished;
11. Repository with untag image should be still there;
12. But no any artifact in repository anymore.
Tear down:
1. Delete project(PA);
2. Delete user(UA).
"""
url = ADMIN_CLIENT["endpoint"]
admin_name = ADMIN_CLIENT["username"]
admin_password = ADMIN_CLIENT["password"]
user_gc_password = "******"
#1. Create a new user(UA);
TestProjects.user_gc_id, user_gc_name = self.user.create_user(
user_password=user_gc_password, **ADMIN_CLIENT)
TestProjects.USER_GC_CLIENT = dict(endpoint=url,
username=user_gc_name,
password=user_gc_password)
#2. Create project(PA) and project(PB) by user(UA);
TestProjects.project_gc_id, TestProjects.project_gc_name = self.project.create_project(
metadata={"public": "false"}, **TestProjects.USER_GC_CLIENT)
TestProjects.project_gc_untag_id, TestProjects.project_gc_untag_name = self.project.create_project(
metadata={"public": "false"}, **TestProjects.USER_GC_CLIENT)
#3. Push a image in project(PA) and then delete repository by admin;
push_special_image_to_project(TestProjects.project_gc_name,
harbor_server, admin_name,
admin_password, self.repo_name,
["latest", "v1.2.3"])
self.repo.delete_repository(TestProjects.project_gc_name,
self.repo_name,
**TestProjects.USER_GC_CLIENT)
#4. Get repository by user(UA), it should get nothing;
repo_data = self.repo.list_repositories(TestProjects.project_gc_name,
**TestProjects.USER_GC_CLIENT)
_assert_status_code(len(repo_data), 0)
#8. Push a image in project(PB) by admin and delete the only tag;
push_special_image_to_project(TestProjects.project_gc_untag_name,
harbor_server, admin_name,
admin_password, self.repo_name_untag,
[self.tag])
self.artifact.delete_tag(TestProjects.project_gc_untag_name,
self.repo_name_untag, self.tag, self.tag,
**ADMIN_CLIENT)
#5. Tigger garbage collection operation;
gc_id = self.gc.gc_now(**ADMIN_CLIENT)
#6. Check garbage collection job was finished;
self.gc.validate_gc_job_status(gc_id, "Success", **ADMIN_CLIENT)
#7. Get garbage collection log, check there is a number of files was deleted;
self.gc.validate_deletion_success(gc_id, **ADMIN_CLIENT)
artifacts = self.artifact.list_artifacts(
TestProjects.project_gc_untag_name, self.repo_name_untag,
**TestProjects.USER_GC_CLIENT)
_assert_status_code(len(artifacts), 1)
time.sleep(5)
#9. Tigger garbage collection operation;
gc_id = self.gc.gc_now(is_delete_untagged=True, **ADMIN_CLIENT)
#10. Check garbage collection job was finished;
self.gc.validate_gc_job_status(gc_id, "Success", **ADMIN_CLIENT)
#7. Get garbage collection log, check there is a number of files was deleted;
self.gc.validate_deletion_success(gc_id, **ADMIN_CLIENT)
#11. Repository with untag image should be still there;
repo_data_untag = self.repo.list_repositories(
TestProjects.project_gc_untag_name, **TestProjects.USER_GC_CLIENT)
_assert_status_code(len(repo_data_untag), 1)
self.assertEqual(
TestProjects.project_gc_untag_name + "/" + self.repo_name_untag,
repo_data_untag[0].name)
#12. But no any artifact in repository anymore.
artifacts = self.artifact.list_artifacts(
TestProjects.project_gc_untag_name, self.repo_name_untag,
**TestProjects.USER_GC_CLIENT)
self.assertEqual(artifacts, [])
class TestScanImageInPublicProject(unittest.TestCase):
@suppress_urllib3_warning
def setUp(self):
self.artifact = Artifact()
self.repo = Repository()
self.scan = Scan()
@unittest.skipIf(TEARDOWN == False, "Test data won't be erased.")
def tearDown(self):
print("Case completed")
def testScanImageInPublicProject(self):
"""
Test case:
Scan An Image Artifact In Public Project
Test step and expected result:
1. Create a new user(UA);
2. Create a new public project(PA) by user(UA);
3. Add user(UA) as a member of project(PA) with project-admin role;
4. Create a new repository(RA) and tag(TA) in project(PA) by user(UA);
5. Send scan image command without credential (anonymous), the API response should be 401;
6. Create a new user(UB) which is non member of the project(PA);
7. Send scan image command with credential of the new created user(UB), the API response should be 403;
8. Delete user(UB);
9. Send scan image command with credential of the user(UA) and get tag(TA) information to check scan result, it should be finished;
10. Delete repository(RA) by user(UA);
11. Delete project(PA);
12. Delete user(UA);
"""
password = '******' # nosec
with created_user(password) as (user_id, username):
with created_project(metadata={"public": "true"},
user_id=user_id) as (_, project_name):
image, src_tag = "docker", "1.13"
full_name, tag = push_self_build_image_to_project(
project_name, harbor_server, username, password, image,
src_tag)
repo_name = full_name.split('/')[1]
# scan image with anonymous user
self.scan.scan_artifact(project_name,
repo_name,
tag,
expect_status_code=401,
username=None,
password=None)
with created_user(password) as (_, username1):
# scan image with non project memeber
self.scan.scan_artifact(project_name,
repo_name,
tag,
expect_status_code=403,
username=username1,
password=password)
self.scan.scan_artifact(project_name,
repo_name,
tag,
username=username,
password=password)
self.artifact.check_image_scan_result(project_name,
image,
tag,
username=username,
password=password,
with_scan_overview=True)
self.repo.delete_repository(project_name, repo_name)
class TestProjects(unittest.TestCase):
user_id = None
project_push_chart_id = None
USER_CLIENT = None
project_push_chart_name = None
@suppress_urllib3_warning
def setUp(self):
self.project = Project()
self.user = User()
self.artifact = Artifact()
self.repo = Repository()
self.url = ADMIN_CLIENT["endpoint"]
self.user_push_chart_password = "******"
self.chart_file_name = "harbor-helm-1.7.3"
self.chart_file_package_name = "harbor-1.7.3.tgz"
self.chart_file_path = files_directory + "harbor-helm-1.7.3.tar.gz"
self.version = "1.7.3"
self.repo_name = "harbor"
@unittest.skipIf(TEARDOWN is False, "Test data won't be erased.")
def tearDown(self):
# 1. Delete repository chart(CA) by user(UA);
self.repo.delete_repository(TestProjects.project_push_chart_name,
self.repo_name, **TestProjects.USER_CLIENT)
# 2. Delete project(PA);
self.project.delete_project(TestProjects.project_push_chart_id,
**TestProjects.USER_CLIENT)
# 3. Delete user(UA).
self.user.delete_user(TestProjects.user_id, **ADMIN_CLIENT)
def testPushChartByHelmChartCLI(self):
"""
Test case:
Push Chart File By Helm3.7 CLI
Test step and expected result:
1. Create a new user(UA);
2. Create a new project(PA) by user(UA);
3. Push an chart(CA) to Harbor by helm3.7 CLI successfully;
4. List artifacts successfully;
5. Get chart(CA) by reference successfully;
6. Get addition successfully;
7. Delete chart by reference successfully.
Tear down:
1. Delete repository chart(CA) by user(UA);
2. Delete project(PA);
3. Delete user(UA).
"""
# 1. Create a new user(UA);
TestProjects.user_id, user_name = self.user.create_user(
user_password=self.user_push_chart_password, **ADMIN_CLIENT)
TestProjects.USER_CLIENT = dict(endpoint=self.url,
username=user_name,
password=self.user_push_chart_password)
# 2. Create a new project(PA) by user(UA);
TestProjects.project_push_chart_id, TestProjects.project_push_chart_name = self.project.create_project(
metadata={"public": "false"}, **TestProjects.USER_CLIENT)
# 3 Push an chart(CA) to Harbor by helm3.7 CLI successfully;
command = ["tar", "zxf", self.chart_file_path]
base.run_command(command)
# 3.1 helm3_7_registry_login;
helm.helm3_7_registry_login(ip=harbor_server,
user=user_name,
password=self.user_push_chart_password)
# 3.2 helm3_7_package;
helm.helm3_7_package(file_path=self.chart_file_name)
# 3.2 helm3_7_push;
helm.helm3_7_push(file_path=self.chart_file_package_name,
ip=harbor_server,
project_name=TestProjects.project_push_chart_name)
# 4. List artifacts successfully;
artifacts = self.artifact.list_artifacts(
TestProjects.project_push_chart_name, self.repo_name,
**TestProjects.USER_CLIENT)
self.assertEqual(artifacts[0].type, 'CHART')
self.assertEqual(artifacts[0].tags[0].name, self.version)
# 5.1 Get chart(CA) by reference successfully;
artifact = self.artifact.get_reference_info(
TestProjects.project_push_chart_name, self.repo_name, self.version,
**TestProjects.USER_CLIENT)
self.assertEqual(artifact.type, 'CHART')
self.assertEqual(artifact.tags[0].name, self.version)
# 6. Get addition successfully;
addition_r = self.artifact.get_addition(
TestProjects.project_push_chart_name, self.repo_name, self.version,
"readme.md", **TestProjects.USER_CLIENT)
self.assertIn("Helm Chart for Harbor", addition_r[0])
addition_v = self.artifact.get_addition(
TestProjects.project_push_chart_name, self.repo_name, self.version,
"values.yaml", **TestProjects.USER_CLIENT)
self.assertIn("expose", addition_v[0])
# 7. Delete chart by reference successfully.
self.artifact.delete_artifact(TestProjects.project_push_chart_name,
self.repo_name, self.version,
**TestProjects.USER_CLIENT)
class TestProjects(unittest.TestCase):
"""
Test case:
Tag Retention
Setup:
Create Project test-retention
Push image test1:1.0, test1:2.0, test1:3.0,latest, test2:1.0, test2:latest, test3:1.0, test4:1.0
Test Steps:
1. Create Retention Policy
2. Add rule "For the repositories matching **, retain always with tags matching latest*"
3. Add rule "For the repositories matching test3*, retain always with tags matching **"
4. Dry run, check execution and tasks
5. Real run, check images retained
Tear Down:
1. Delete project test-retention
"""
@suppress_urllib3_warning
def setUp(self):
self.user = User()
self.system = System()
self.repo = Repository()
self.project = Project()
self.retention = Retention()
self.artifact = Artifact()
self.repo_name_1 = "test1"
self.repo_name_2 = "test2"
@unittest.skipIf(TEARDOWN == False, "Test data won't be erased.")
def tearDown(self):
#TODO delete_repository will fail when no tags left anymore
resp = self.repo.list_repositories(TestProjects.project_src_repo_name,
**TestProjects.USER_RA_CLIENT)
for repo in resp:
self.repo.delete_repository(TestProjects.project_src_repo_name,
repo.name.split('/')[1],
**TestProjects.USER_RA_CLIENT)
self.project.delete_project(TestProjects.project_src_repo_id,
**TestProjects.USER_RA_CLIENT)
self.user.delete_user(TestProjects.user_ra_id, **ADMIN_CLIENT)
print("Case completed")
def testTagRetention(self):
user_ra_password = "******"
user_ra_id, user_ra_name = self.user.create_user(
user_password=user_ra_password, **ADMIN_CLIENT)
print("Created user: %s, id: %s" % (user_ra_name, user_ra_id))
TestProjects.USER_RA_CLIENT = dict(endpoint=ADMIN_CLIENT["endpoint"],
username=user_ra_name,
password=user_ra_password)
TestProjects.user_ra_id = int(user_ra_id)
TestProjects.project_src_repo_id, TestProjects.project_src_repo_name = self.project.create_project(
metadata={"public": "false"}, **TestProjects.USER_RA_CLIENT)
# Push image test1:1.0, test1:2.0, test1:3.0,latest, test2:1.0, test2:latest, test3:1.0
push_special_image_to_project(TestProjects.project_src_repo_name,
harbor_server, user_ra_name,
user_ra_password, self.repo_name_1,
['1.0'])
push_special_image_to_project(TestProjects.project_src_repo_name,
harbor_server, user_ra_name,
user_ra_password, self.repo_name_1,
['2.0'])
push_special_image_to_project(TestProjects.project_src_repo_name,
harbor_server, user_ra_name,
user_ra_password, self.repo_name_1,
['3.0', 'latest'])
push_special_image_to_project(TestProjects.project_src_repo_name,
harbor_server, user_ra_name,
user_ra_password, self.repo_name_2,
['1.0'])
push_special_image_to_project(TestProjects.project_src_repo_name,
harbor_server, user_ra_name,
user_ra_password, self.repo_name_2,
['latest'])
push_special_image_to_project(TestProjects.project_src_repo_name,
harbor_server, user_ra_name,
user_ra_password, "test3", ['1.0'])
push_special_image_to_project(TestProjects.project_src_repo_name,
harbor_server, user_ra_name,
user_ra_password, "test4", ['1.0'])
tag_data_artifact3_image1 = self.artifact.get_reference_info(
TestProjects.project_src_repo_name, self.repo_name_1, "3.0",
**TestProjects.USER_RA_CLIENT)
tag_data_artifact2_image2 = self.artifact.get_reference_info(
TestProjects.project_src_repo_name, self.repo_name_2, "latest",
**TestProjects.USER_RA_CLIENT)
tags = list_image_tags(
harbor_server,
TestProjects.project_src_repo_name + "/" + self.repo_name_1,
user_ra_name, user_ra_password)
#Delete all 2 tags of "artifact3" in repostory "image1";
self.artifact.delete_tag(TestProjects.project_src_repo_name,
self.repo_name_1, "3.0", "latest",
**TestProjects.USER_RA_CLIENT)
self.artifact.delete_tag(TestProjects.project_src_repo_name,
self.repo_name_1, "3.0", "3.0",
**TestProjects.USER_RA_CLIENT)
tags = list_image_tags(
harbor_server,
TestProjects.project_src_repo_name + "/" + self.repo_name_1,
user_ra_name, user_ra_password)
resp = self.repo.list_repositories(TestProjects.project_src_repo_name,
**TestProjects.USER_RA_CLIENT)
self.assertEqual(len(resp), 4)
# Create Retention Policy
retention_id = self.retention.create_retention_policy(
TestProjects.project_src_repo_id,
selector_repository="**",
selector_tag="latest*",
expect_status_code=201,
**TestProjects.USER_RA_CLIENT)
# Add rule
self.retention.update_retention_add_rule(retention_id,
selector_repository="test3*",
selector_tag="**",
expect_status_code=200,
**TestProjects.USER_RA_CLIENT)
# Dry run
self.retention.trigger_retention_policy(retention_id,
dry_run=True,
**TestProjects.USER_RA_CLIENT)
time.sleep(10)
resp = self.retention.get_retention_executions(
retention_id, **TestProjects.USER_RA_CLIENT)
self.assertTrue(len(resp) > 0)
execution = resp[0]
resp = self.retention.get_retention_exec_tasks(
retention_id, execution.id, **TestProjects.USER_RA_CLIENT)
self.assertEqual(len(resp), 4)
resp = self.retention.get_retention_exec_task_log(
retention_id, execution.id, resp[0].id,
**TestProjects.USER_RA_CLIENT)
#For Debug:
print("Task 0 log begin:-----------------------------")
i = 0
for line in resp.split("\n"):
print("Line" + str(i) + ": " + line)
i = i + 1
print("Task 0 log end:-----------------------------")
# Real run
self.retention.trigger_retention_policy(retention_id,
dry_run=False,
**TestProjects.USER_RA_CLIENT)
time.sleep(10)
resp = self.retention.get_retention_executions(
retention_id, **TestProjects.USER_RA_CLIENT)
self.assertTrue(len(resp) > 1)
execution = resp[0]
resp = self.retention.get_retention_exec_tasks(
retention_id, execution.id, **TestProjects.USER_RA_CLIENT)
self.assertEqual(len(resp), 4)
resp = self.retention.get_retention_exec_task_log(
retention_id, execution.id, resp[0].id,
**TestProjects.USER_RA_CLIENT)
print(resp)
#List artifacts successfully, and untagged artifact in test1 should be the only one retained;
artifacts_1 = self.artifact.list_artifacts(
TestProjects.project_src_repo_name, self.repo_name_1,
**TestProjects.USER_RA_CLIENT)
self.assertTrue(len(artifacts_1) == 1)
self.assertEqual(artifacts_1[0].digest,
tag_data_artifact3_image1.digest)
#List artifacts successfully, and artifact with latest tag in test2 should be the only one retained;
artifacts_2 = self.artifact.list_artifacts(
TestProjects.project_src_repo_name, self.repo_name_2,
**TestProjects.USER_RA_CLIENT)
self.assertTrue(len(artifacts_2) == 1)
self.assertEqual(artifacts_2[0].digest,
tag_data_artifact2_image2.digest)
class TestProjects(unittest.TestCase):
@suppress_urllib3_warning
def setUp(self):
self.project = Project()
self.user = User()
self.repo = Repository()
self.projectv2 = ProjectV2()
@unittest.skipIf(TEARDOWN == False, "Test data won't be erased.")
def tearDown(self):
print("Case completed")
#1. Delete project(PA);
self.project.delete_project(TestProjects.project_user_view_logs_id,
**TestProjects.USER_USER_VIEW_LOGS_CLIENT)
#2. Delete user(UA);
self.user.delete_user(TestProjects.user_user_view_logs_id,
**ADMIN_CLIENT)
def testUserViewLogs(self):
"""
Test case:
User View Logs
Test step and expected result:
1. Create a new user(UA);
2. Create a new project(PA) by user(UA), in project(PA), there should be 1 'create' log record;;
3. Push a new image(IA) in project(PA) by admin, in project(PA), there should be 1 'push' log record;;
4. Delete repository(RA) by user(UA), in project(PA), there should be 1 'delete' log record;;
Tear down:
1. Delete project(PA);
2. Delete user(UA).
"""
test_result = TestResult()
url = ADMIN_CLIENT["endpoint"]
admin_name = ADMIN_CLIENT["username"]
admin_password = ADMIN_CLIENT["password"]
user_content_trust_password = "******"
#1. Create a new user(UA);
TestProjects.user_user_view_logs_id, user_user_view_logs_name = self.user.create_user(
user_password=user_content_trust_password, **ADMIN_CLIENT)
TestProjects.USER_USER_VIEW_LOGS_CLIENT = dict(
endpoint=url,
username=user_user_view_logs_name,
password=user_content_trust_password)
#2.1 Create a new project(PA) by user(UA);
TestProjects.project_user_view_logs_id, project_user_view_logs_name = self.project.create_project(
metadata={"public": "false"},
**TestProjects.USER_USER_VIEW_LOGS_CLIENT)
time.sleep(2)
#2.2 In project(PA), there should be 1 'create' log record;
operation = "create"
log_count = self.projectv2.filter_project_logs(
project_user_view_logs_name, user_user_view_logs_name,
project_user_view_logs_name, "project", operation,
**TestProjects.USER_USER_VIEW_LOGS_CLIENT)
if log_count != 1:
test_result.add_test_result(
"1 - Failed to get log with user:{}, resource:{}, resource_type:{} and operation:{}, expect count 1, but actual is {}."
.format(user_user_view_logs_name, project_user_view_logs_name,
"project", operation, log_count))
#3.1 Push a new image(IA) in project(PA) by admin;
repo_name, tag = push_self_build_image_to_project(
project_user_view_logs_name, harbor_server, admin_name,
admin_password, "tomcat", "latest")
time.sleep(2)
#3.2 In project(PA), there should be 1 'push' log record;
operation = "create"
log_count = self.projectv2.filter_project_logs(
project_user_view_logs_name, admin_name,
r'{}:{}'.format(repo_name, tag), "artifact", operation,
**TestProjects.USER_USER_VIEW_LOGS_CLIENT)
if log_count != 1:
test_result.add_test_result(
"2 - Failed to get log with user:{}, resource:{}, resource_type:{} and operation:{}, expect count 1, but actual is {}."
.format(user_user_view_logs_name, project_user_view_logs_name,
"artifact", operation, log_count))
#4.1 Delete repository(RA) by user(UA);
self.repo.delete_repository(project_user_view_logs_name,
repo_name.split('/')[1],
**TestProjects.USER_USER_VIEW_LOGS_CLIENT)
time.sleep(6)
#4.2 In project(PA), there should be 1 'delete' log record;
operation = "delete"
log_count = self.projectv2.filter_project_logs(
project_user_view_logs_name, user_user_view_logs_name, repo_name,
"repository", operation, **TestProjects.USER_USER_VIEW_LOGS_CLIENT)
if log_count != 1:
test_result.add_test_result(
"5 - Failed to get log with user:{}, resource:{}, resource_type:{} and operation:{}, expect count 1, but actual is {}."
.format(user_user_view_logs_name, project_user_view_logs_name,
"repository", operation, log_count))
test_result.get_final_result()
class TestProjects(unittest.TestCase):
@suppress_urllib3_warning
def setUp(self):
self.system = System()
self.project= Project()
self.user= User()
self.artifact = Artifact()
self.repo = Repository()
@unittest.skipIf(TEARDOWN == False, "Test data won't be erased.")
def tearDown(self):
#1. Delete Alice's repository and Luca's repository;
self.repo.delete_repository(TestProjects.project_Alice_name, TestProjects.repo_a.split('/')[1], **ADMIN_CLIENT)
self.repo.delete_repository(TestProjects.project_Alice_name, TestProjects.repo_b.split('/')[1], **ADMIN_CLIENT)
self.repo.delete_repository(TestProjects.project_Alice_name, TestProjects.repo_c.split('/')[1], **ADMIN_CLIENT)
#2. Delete Alice's project and Luca's project;
self.project.delete_project(TestProjects.project_Alice_id, **ADMIN_CLIENT)
#3. Delete user Alice and Luca.
self.user.delete_user(TestProjects.user_Alice_id, **ADMIN_CLIENT)
def testRegistryAPI(self):
"""
Test case:
Catalog API to list all repositories by system admin
Test step and expected result:G
1. Create user Alice;
2. Create 1 new private projects project_Alice;
3. Push 3 images to project_Alice and Add 3 tags to the 3rd image
4. Call the image_list_tag API
5. Call the catalog API using admin account without pagination, can get all 3 images
5.1 Call the catalog API using admin account with pagination n=1, page=2, twice to get all 3 images.
5.2 Call the catalog API using Alice account, no repos should be found.
Tear down:
1. Delete Alice's repository;
2. Delete Alice's project;
3. Delete user Alice.
"""
url = ADMIN_CLIENT["endpoint"]
user_common_password = "******"
#1. Create user Alice and Luca;
TestProjects.user_Alice_id, user_Alice_name = self.user.create_user(user_password = user_common_password, **ADMIN_CLIENT)
USER_ALICE_CLIENT=dict(endpoint = url, username = user_Alice_name, password = user_common_password)
#2. Create 2 new private projects project_Alice and project_Luca;
TestProjects.project_Alice_id, TestProjects.project_Alice_name = self.project.create_project(metadata = {"public": "false"}, **USER_ALICE_CLIENT)
#3. Push 3 images to project_Alice and Add 3 tags to the 3rd image.
src_tag = "latest"
image_a = "image_a"
TestProjects.repo_a, tag_a = push_self_build_image_to_project(TestProjects.project_Alice_name, harbor_server, user_Alice_name, user_common_password, image_a, src_tag)
image_b = "image_b"
TestProjects.repo_b, tag_b = push_self_build_image_to_project(TestProjects.project_Alice_name, harbor_server, user_Alice_name, user_common_password, image_b, src_tag)
image_c = "image_c"
TestProjects.repo_c, tag_c = push_self_build_image_to_project(TestProjects.project_Alice_name, harbor_server, user_Alice_name, user_common_password, image_c, src_tag)
create_tags = ["1.0","2.0","3.0"]
for tag in create_tags:
self.artifact.create_tag(TestProjects.project_Alice_name, image_c, tag_c, tag, **USER_ALICE_CLIENT)
#4. Call the image_list_tags API
tags = list_image_tags(harbor_server,TestProjects.repo_c,user_Alice_name,user_common_password)
for tag in create_tags:
self.assertTrue(tags.count(tag)>0, "Expect tag: %s is not listed"%tag)
page_tags = list_image_tags(harbor_server,TestProjects.repo_c,user_Alice_name,user_common_password,len(tags)/2+1)
page_tags += list_image_tags(harbor_server,TestProjects.repo_c,user_Alice_name,user_common_password,len(tags)/2+1,tags[int(len(tags)/2)])
for tag in create_tags:
self.assertTrue(page_tags.count(tag)>0, "Expect tag: %s is not listed by the pagination query"%tag)
#5. Call the catalog API;
repos = list_repositories(harbor_server,admin_user,admin_pwd)
self.assertTrue(repos.count(TestProjects.repo_a)>0 and repos.count(TestProjects.repo_b)>0 and repos.count(TestProjects.repo_c)>0, "Expected repo not found")
for repo in [TestProjects.repo_a,TestProjects.repo_b,TestProjects.repo_c]:
self.assertTrue(repos.count(repo)>0,"Expected repo: %s is not listed"%repo)
page_repos = list_repositories(harbor_server,admin_user,admin_pwd,len(repos)/2+1)
page_repos += list_repositories(harbor_server,admin_user,admin_pwd,len(repos)/2+1,repos[int(len(repos)/2)])
for repo in [TestProjects.repo_a,TestProjects.repo_b,TestProjects.repo_c]:
self.assertTrue(page_repos.count(repo)>0,"Expected repo: %s is not listed by the pagination query"%repo)
null_repos = list_repositories(harbor_server,user_Alice_name,user_common_password)
self.assertEqual(null_repos, "")
class TestScan(unittest.TestCase):
@suppress_urllib3_warning
def setUp(self):
self.project = Project()
self.user = User()
self.artifact = Artifact()
self.repo = Repository()
self.scan = Scan()
self.url = ADMIN_CLIENT["endpoint"]
self.user_password = "******"
self.project_id, self.project_name, self.user_id, self.user_name, self.repo_name1 = [
None
] * 5
self.user_id, self.user_name = self.user.create_user(
user_password=self.user_password, **ADMIN_CLIENT)
self.USER_CLIENT = dict(with_signature=True,
with_immutable_status=True,
endpoint=self.url,
username=self.user_name,
password=self.user_password,
with_scan_overview=True)
#2. Create a new private project(PA) by user(UA);
self.project_id, self.project_name = self.project.create_project(
metadata={"public": "false"}, **ADMIN_CLIENT)
#3. Add user(UA) as a member of project(PA) with project-admin role;
self.project.add_project_members(self.project_id,
user_id=self.user_id,
**ADMIN_CLIENT)
@unittest.skipIf(TEARDOWN == False, "Test data won't be erased.")
def do_tearDown(self):
#1. Delete repository(RA) by user(UA);
self.repo.delete_repository(self.project_name,
self.repo_name1.split('/')[1],
**self.USER_CLIENT)
#2. Delete project(PA);
self.project.delete_project(self.project_id, **self.USER_CLIENT)
#3. Delete user(UA);
self.user.delete_user(self.user_id, **ADMIN_CLIENT)
def testScanImageArtifact(self):
"""
Test case:
Scan An Image Artifact
Test step and expected result:
1. Create a new user(UA);
2. Create a new private project(PA) by user(UA);
3. Add user(UA) as a member of project(PA) with project-admin role;
4. Get private project of user(UA), user(UA) can see only one private project which is project(PA);
5. Create a new repository(RA) and tag(TA) in project(PA) by user(UA);
6. Send scan image command and get tag(TA) information to check scan result, it should be finished;
7. Send scan another image command and get tag(TA) information to check scan result, it should be finished.
Tear down:
1. Delete repository(RA) by user(UA);
2. Delete project(PA);
3. Delete user(UA);
"""
#4. Get private project of user(UA), user(UA) can see only one private project which is project(PA);
self.project.projects_should_exist(dict(public=False),
expected_count=1,
expected_project_id=self.project_id,
**self.USER_CLIENT)
#Note: Please make sure that this Image has never been pulled before by any other cases,
# so it is a not-scanned image right after repository creation.
image = "docker"
src_tag = "1.13"
#5. Create a new repository(RA) and tag(TA) in project(PA) by user(UA);
self.repo_name1, tag = push_self_build_image_to_project(
self.project_name, harbor_server, self.user_name,
self.user_password, image, src_tag)
#6. Send scan image command and get tag(TA) information to check scan result, it should be finished;
self.scan.scan_artifact(self.project_name,
self.repo_name1.split('/')[1], tag,
**self.USER_CLIENT)
self.artifact.check_image_scan_result(self.project_name, image, tag,
**self.USER_CLIENT)
self.do_tearDown()
def testScanSignedImage(self):
"""
Test case:
Scan A Signed Image
Test step and expected result:
1. Create a new user(UA);
2. Create a new private project(PA) by user(UA);
3. Add user(UA) as a member of project(PA) with project-admin role;
4. Get private project of user(UA), user(UA) can see only one private project which is project(PA);
5. Create a new repository(RA) and tag(TA) in project(PA) by user(UA);
6. Send scan image command and get tag(TA) information to check scan result, it should be finished;
7. Send scan another image command and get tag(TA) information to check scan result, it should be finished.
Tear down:
1. Delete repository(RA) by user(UA);
2. Delete project(PA);
3. Delete user(UA);
"""
#Note: Please make sure that this Image has never been pulled before by any other cases,
# so it is a not-scanned image right after repository creation.
#Note:busybox is pulled in setup phase, and setup is an essential phase before scripts execution.
image = BASE_IMAGE['name']
tag = BASE_IMAGE['tag']
#5. Create a new repository(RA) and tag(TA) in project(PA) by user(UA);
# Push base image in function sign_image.
sign_image(harbor_server, self.project_name, image, tag)
#6. Send scan image command and get tag(TA) information to check scan result, it should be finished;
self.scan.scan_artifact(self.project_name, image, tag,
**self.USER_CLIENT)
self.artifact.check_image_scan_result(self.project_name, image, tag,
**self.USER_CLIENT)
class TestStopScanAll(unittest.TestCase):
@suppress_urllib3_warning
def setUp(self):
self.project = Project()
self.user = User()
self.artifact = Artifact()
self.repo = Repository()
self.scan_all = ScanAll()
self.stop_scan_all = StopScanAll()
@unittest.skipIf(TEARDOWN == False, "Test data won't be erased.")
def tearDown(self):
#1. Delete Alice's repository and Luca's repository;
self.repo.delete_repository(
TestStopScanAll.project_Alice_name,
TestStopScanAll.repo_Alice_name.split('/')[1], **ADMIN_CLIENT)
self.repo.delete_repository(
TestStopScanAll.project_Luca_name,
TestStopScanAll.repo_Luca_name.split('/')[1], **ADMIN_CLIENT)
#2. Delete Alice's project and Luca's project;
self.project.delete_project(TestStopScanAll.project_Alice_id,
**ADMIN_CLIENT)
self.project.delete_project(TestStopScanAll.project_Luca_id,
**ADMIN_CLIENT)
#3. Delete user Alice and Luca.
self.user.delete_user(TestStopScanAll.user_Alice_id, **ADMIN_CLIENT)
self.user.delete_user(TestStopScanAll.user_Luca_id, **ADMIN_CLIENT)
print("Case completed")
def testSystemLevelScanALL(self):
"""
Test case:
System level Stop Scan All
Test step and expected result:
1. Create user Alice and Luca;
2. Create 2 new private projects project_Alice and project_Luca;
3. Push a image to project_Alice and push another image to project_Luca;
4. Trigger scan all event;
5. Send stop scan all request.
Tear down:
1. Delete Alice's repository and Luca's repository;
2. Delete Alice's project and Luca's project;
3. Delete user Alice and Luca.
"""
url = ADMIN_CLIENT["endpoint"]
user_common_password = "******"
#1. Create user Alice and Luca;
TestStopScanAll.user_Alice_id, user_Alice_name = self.user.create_user(
user_password=user_common_password, **ADMIN_CLIENT)
TestStopScanAll.user_Luca_id, user_Luca_name = self.user.create_user(
user_password=user_common_password, **ADMIN_CLIENT)
USER_ALICE_CLIENT = dict(endpoint=url,
username=user_Alice_name,
password=user_common_password,
with_scan_overview=True)
USER_LUCA_CLIENT = dict(endpoint=url,
username=user_Luca_name,
password=user_common_password,
with_scan_overview=True)
#2. Create 2 new private projects project_Alice and project_Luca;
TestStopScanAll.project_Alice_id, TestStopScanAll.project_Alice_name = self.project.create_project(
metadata={"public": "false"}, **USER_ALICE_CLIENT)
TestStopScanAll.project_Luca_id, TestStopScanAll.project_Luca_name = self.project.create_project(
metadata={"public": "false"}, **USER_LUCA_CLIENT)
#3. Push a image to project_Alice and push another image to project_Luca;
#Note: Please make sure that this Image has never been pulled before by any other cases,
# so it is a not-scanned image rigth after repository creation.
#image = "tomcat"
image_a = "mariadb"
src_tag = "latest"
#3.1 Push a image to project_Alice;
TestStopScanAll.repo_Alice_name, tag_Alice = push_self_build_image_to_project(
TestStopScanAll.project_Alice_name, harbor_server, user_Alice_name,
user_common_password, image_a, src_tag)
#Note: Please make sure that this Image has never been pulled before by any other cases,
# so it is a not-scanned image rigth after repository creation.
image_b = "httpd"
src_tag = "latest"
#3.2 push another image to project_Luca;
TestStopScanAll.repo_Luca_name, tag_Luca = push_self_build_image_to_project(
TestStopScanAll.project_Luca_name, harbor_server, user_Luca_name,
user_common_password, image_b, src_tag)
#4. Trigger scan all event;
self.scan_all.scan_all_now(**ADMIN_CLIENT)
# self.scan_all.wait_until_scans_all_finish(**ADMIN_CLIENT)
#5. Send stop scan all request.
self.stop_scan_all.stop_scan_all()
class TestAssignRoleToLdapGroup(unittest.TestCase):
@suppress_urllib3_warning
def setUp(self):
self.conf = Configurations()
self.project = Project()
self.artifact = Artifact()
self.repo = Repository()
self.user = User()
@unittest.skipIf(TEARDOWN == False, "Test data won't be erased.")
def tearDown(self):
print("Case completed")
def testAssignRoleToLdapGroup(self):
"""
Test case:
Assign Role To Ldap Group
Test step and expected result:
1. Set LDAP Auth configurations;
2. Create a new public project(PA) by Admin;
3. Add 3 member groups to project(PA);
4. Push image by each member role;
5. Verfify that admin_user can add project member, dev_user and guest_user can not add project member;
6. Verfify that admin_user and dev_user can push image, guest_user can not push image;
7. Verfify that admin_user, dev_user and guest_user can view logs, test user can not view logs.
8. Delete repository(RA) by user(UA);
9. Delete project(PA);
"""
url = ADMIN_CLIENT["endpoint"]
USER_ADMIN = dict(endpoint=url,
username="******",
password="******",
repo="haproxy")
USER_DEV = dict(endpoint=url,
username="******",
password="******",
repo="alpine")
USER_GUEST = dict(endpoint=url,
username="******",
password="******",
repo="busybox")
USER_TEST = dict(endpoint=url, username="******", password="******")
USER_MIKE = dict(endpoint=url, username="******", password="******")
#USER001 is in group harbor_group3
self.conf.set_configurations_of_ldap(
ldap_filter="",
ldap_group_attribute_name="cn",
ldap_group_base_dn="ou=groups,dc=example,dc=com",
ldap_group_search_filter="objectclass=groupOfNames",
ldap_group_search_scope=2,
**ADMIN_CLIENT)
with created_project(metadata={"public": "false"}) as (project_id,
project_name):
self.project.add_project_members(
project_id,
member_role_id=1,
_ldap_group_dn="cn=harbor_admin,ou=groups,dc=example,dc=com",
**ADMIN_CLIENT)
self.project.add_project_members(
project_id,
member_role_id=2,
_ldap_group_dn="cn=harbor_dev,ou=groups,dc=example,dc=com",
**ADMIN_CLIENT)
self.project.add_project_members(
project_id,
member_role_id=3,
_ldap_group_dn="cn=harbor_guest,ou=groups,dc=example,dc=com",
**ADMIN_CLIENT)
projects = self.project.get_projects(dict(name=project_name),
**USER_ADMIN)
self.assertTrue(len(projects) == 1)
self.assertEqual(1, projects[0].current_user_role_id)
#Mike has logged in harbor in previous test.
mike = self.user.get_user_by_name(USER_MIKE["username"],
**ADMIN_CLIENT)
#Verify role difference in add project member feature, to distinguish between admin and dev role
self.project.add_project_members(project_id,
user_id=mike.user_id,
member_role_id=3,
**USER_ADMIN)
self.project.add_project_members(project_id,
user_id=mike.user_id,
member_role_id=3,
expect_status_code=403,
**USER_DEV)
self.project.add_project_members(project_id,
user_id=mike.user_id,
member_role_id=3,
expect_status_code=403,
**USER_GUEST)
repo_name_admin, _ = push_image_to_project(
project_name, harbor_server, USER_ADMIN["username"],
USER_ADMIN["password"], USER_ADMIN["repo"], "latest")
artifacts = self.artifact.list_artifacts(project_name,
USER_ADMIN["repo"],
**USER_ADMIN)
self.assertTrue(len(artifacts) == 1)
repo_name_dev, _ = push_image_to_project(
project_name, harbor_server, USER_DEV["username"],
USER_DEV["password"], USER_DEV["repo"], "latest")
artifacts = self.artifact.list_artifacts(project_name,
USER_DEV["repo"],
**USER_DEV)
self.assertTrue(len(artifacts) == 1)
push_image_to_project(
project_name,
harbor_server,
USER_GUEST["username"],
USER_GUEST["password"],
USER_GUEST["repo"],
"latest",
expected_error_message="unauthorized to access repository")
artifacts = self.artifact.list_artifacts(project_name,
USER_GUEST["repo"],
**USER_GUEST)
self.assertTrue(len(artifacts) == 0)
self.assertTrue(
self.project.query_user_logs(project_name, **USER_ADMIN) > 0,
"admin user can see logs")
self.assertTrue(
self.project.query_user_logs(project_name, **USER_DEV) > 0,
"dev user can see logs")
self.assertTrue(
self.project.query_user_logs(project_name, **USER_GUEST) > 0,
"guest user can see logs")
self.assertTrue(
self.project.query_user_logs(project_name,
status_code=403,
**USER_TEST) == 0,
"test user can not see any logs")
self.repo.delete_repository(project_name,
repo_name_admin.split('/')[1],
**USER_ADMIN)
self.repo.delete_repository(project_name,
repo_name_dev.split('/')[1],
**USER_ADMIN)
class TestProjects(unittest.TestCase):
@suppress_urllib3_warning
def setUp(self):
self.project = Project()
self.user = User()
self.artifact = Artifact()
self.repo = Repository()
@unittest.skipIf(TEARDOWN == True, "Test data won't be erased.")
def tearDown(self):
#1. Delete repository(RA) by user(UA);
self.repo.delete_repository(TestProjects.project_content_trust_name,
TestProjects.repo_name.split('/')[1],
**TestProjects.USER_CONTENT_TRUST_CLIENT)
#2. Delete project(PA);
self.project.delete_project(TestProjects.project_content_trust_id,
**TestProjects.USER_CONTENT_TRUST_CLIENT)
#3. Delete user(UA);
self.user.delete_user(TestProjects.user_content_trust_id,
**ADMIN_CLIENT)
def testProjectLevelPolicyContentTrust(self):
"""
Test case:
Project Level Policy Content Trust
Test step and expected result:
1. Create a new user(UA);
2. Create a new project(PA) by user(UA);
3. Push a new image(IA) in project(PA) by admin;
4. Image(IA) should exist;
5. Pull image(IA) successfully;
6. Enable content trust in project(PA) configuration;
7. Pull image(IA) failed and the reason is "The image is not signed in Notary".
Tear down:
1. Delete repository(RA) by user(UA);
2. Delete project(PA);
3. Delete user(UA);
"""
url = ADMIN_CLIENT["endpoint"]
image = "test_content_trust"
user_content_trust_password = "******"
#1. Create a new user(UA);
TestProjects.user_content_trust_id, user_content_trust_name = self.user.create_user(
user_password=user_content_trust_password, **ADMIN_CLIENT)
TestProjects.USER_CONTENT_TRUST_CLIENT = dict(
endpoint=url,
username=user_content_trust_name,
password=user_content_trust_password)
#2. Create a new project(PA) by user(UA);
TestProjects.project_content_trust_id, TestProjects.project_content_trust_name = self.project.create_project(
metadata={"public": "false"},
**TestProjects.USER_CONTENT_TRUST_CLIENT)
#3. Push a new image(IA) in project(PA) by admin;
TestProjects.repo_name, tag = push_self_build_image_to_project(
TestProjects.project_content_trust_name, harbor_server,
ADMIN_CLIENT["username"], ADMIN_CLIENT["password"], image,
"latest")
#4. Image(IA) should exist;
artifact = self.artifact.get_reference_info(
TestProjects.project_content_trust_name, image, tag,
**TestProjects.USER_CONTENT_TRUST_CLIENT)
self.assertEqual(artifact.tags[0].name, tag)
docker_image_clean_all()
#5. Pull image(IA) successfully;
pull_harbor_image(harbor_server, ADMIN_CLIENT["username"],
ADMIN_CLIENT["password"], TestProjects.repo_name,
tag)
self.project.get_project(TestProjects.project_content_trust_id)
#6. Enable content trust in project(PA) configuration;
self.project.update_project(TestProjects.project_content_trust_id,
metadata={"enable_content_trust": "true"},
**TestProjects.USER_CONTENT_TRUST_CLIENT)
self.project.get_project(TestProjects.project_content_trust_id)
#7. Pull image(IA) failed and the reason is "The image is not signed in Notary".
docker_image_clean_all()
pull_harbor_image(
harbor_server,
ADMIN_CLIENT["username"],
ADMIN_CLIENT["password"],
TestProjects.repo_name,
tag,
expected_error_message="The image is not signed in Notary")
class TestCosign(unittest.TestCase):
@suppress_urllib3_warning
def setUp(self):
self.project = Project()
self.user = User()
self.artifact = Artifact()
self.repo = Repository()
self.image = "alpine"
self.tag = "latest"
self.expect_accessory_type = "signature.cosign"
@unittest.skipIf(TEARDOWN == False, "Test data won't be erased.")
def tearDown(self):
#1. Delete repository by user(UA);
self.repo.delete_repository(TestCosign.project_name, self.image,
**TestCosign.user_client)
#2. Delete project(PA);
self.project.delete_project(TestCosign.project_id,
**TestCosign.user_client)
#3. Delete user(UA).
self.user.delete_user(TestCosign.user_id, **ADMIN_CLIENT)
def testCosignArtifact(self):
"""
Test case:
Cosign Artifact API
Test step and expected result:
1. Create a new user(UA);
2. Create a new project(PA) by user(UA);
3. Push a new image(IA) in project(PA) by user(UA);
4. Verify that the image (IA) is not signed by cosign;
5. Sign image(IA) with cosign;
6. Verify that the image (IA) is signed by cosign;
Tear down:
1. Delete project(PA);
2. Delete user(UA).
"""
url = ADMIN_CLIENT["endpoint"]
user_password = "******"
# 1. Create user(UA)
TestCosign.user_id, user_name = self.user.create_user(
user_password=user_password, **ADMIN_CLIENT)
TestCosign.user_client = dict(endpoint=url,
username=user_name,
password=user_password,
with_accessory=True)
# 2.1. Create private project(PA) by user(UA)
TestCosign.project_id, TestCosign.project_name = self.project.create_project(
metadata={"public": "false"}, **TestCosign.user_client)
# 2.2. Get private project of uesr-001, uesr-001 can see only one private project which is project-001
self.project.projects_should_exist(
dict(public=False),
expected_count=1,
expected_project_id=TestCosign.project_id,
**TestCosign.user_client)
# 3. Push a new image(IA) in project(PA) by user(UA)
TestCosign.repo_name, tag = push_self_build_image_to_project(
TestCosign.project_name, harbor_server, user_name, user_password,
self.image, self.tag)
# 4.1. Verify list_artifacts API;
artifact_list = self.artifact.list_artifacts(TestCosign.project_name,
self.image,
**TestCosign.user_client)
first_artifact = artifact_list[0]
artifact_reference = first_artifact.digest
self.assertTrue(len(artifact_list) == 1)
self.assertIsNone(artifact_list[0].accessories)
# 4.2. Verify get_reference_info API;
artifact_info = self.artifact.get_reference_info(
TestCosign.project_name, self.image, artifact_reference,
**TestCosign.user_client)
self.assertIsNone(artifact_info.accessories)
# 4.3. Verify list_accessories API;
accessory_list = self.artifact.list_accessories(
TestCosign.project_name, self.image, artifact_reference,
**TestCosign.user_client)
self.assertTrue(len(accessory_list) == 0)
# 5.1. Generate cosign key pair;
cosign.generate_key_pair()
# 5.2. Generate cosign key pair;
docker_api.docker_login_cmd(harbor_server,
user_name,
user_password,
enable_manifest=False)
cosign.sign_artifact("{}/{}/{}:{}".format(harbor_server,
TestCosign.project_name,
self.image, self.tag))
# 6.1. Verify list_artifacts API;
artifact_list = self.artifact.list_artifacts(TestCosign.project_name,
self.image,
**TestCosign.user_client)
self.assertTrue(len(artifact_list) == 1)
first_artifact = artifact_list[0]
self.assertTrue(len(first_artifact.accessories) == 1)
first_accessory = first_artifact.accessories[0]
self.assertEqual(first_accessory.type, self.expect_accessory_type)
accessory_reference = first_accessory.digest
# 6.2. Verify get_reference_info API;
artifact_info = self.artifact.get_reference_info(
TestCosign.project_name, self.image, artifact_reference,
**TestCosign.user_client)
self.assertEqual(artifact_info.accessories[0].type,
self.expect_accessory_type)
# 6.3. Verify list_accessories API;
accessory_list = self.artifact.list_accessories(
TestCosign.project_name, self.image, artifact_reference,
**TestCosign.user_client)
self.assertTrue(len(accessory_list) == 1)
self.assertEqual(accessory_list[0].type, self.expect_accessory_type)
# 6.4. Verify list_accessories API;
accessory_info = self.artifact.get_reference_info(
TestCosign.project_name, self.image, accessory_reference,
**TestCosign.user_client)
self.assertEqual(accessory_info.digest, accessory_reference)
