class TestLdapAdminRole(unittest.TestCase): @classmethod def setUp(self): url = ADMIN_CLIENT["endpoint"] self.conf = Configurations() self.uesr = User() self.project = Project() self.USER_MIKE = dict(endpoint=url, username="******", password="******") @classmethod def tearDown(self): self.project.delete_project(TestLdapAdminRole.project_id, **self.USER_MIKE) print("Case completed") def testLdapAdminRole(self): """ Test case: LDAP Admin Role Test step and expected result: 1. Set LDAP Auth configurations; 2. Create a new public project(PA) by LDAP user mike; 3. Check project is created successfully; 4. Check mike is not admin; 5. Delete project(PA); """ self.conf.set_configurations_of_ldap( ldap_group_admin_dn="cn=harbor_users,ou=groups,dc=example,dc=com", **ADMIN_CLIENT) TestLdapAdminRole.project_id, project_name = self.project.create_project( metadata={"public": "false"}, **self.USER_MIKE) self.project.check_project_name_exist(name=project_name, **self.USER_MIKE) _user = self.uesr.get_user_by_name(self.USER_MIKE["username"], **ADMIN_CLIENT) self.assertFalse(_user.sysadmin_flag)
class TestAssignRoleToLdapGroup(unittest.TestCase): @suppress_urllib3_warning def setUp(self): self.conf = Configurations() self.project = Project() self.artifact = Artifact() self.repo = Repository() self.user = User() @unittest.skipIf(TEARDOWN == False, "Test data won't be erased.") def tearDown(self): print("Case completed") def testAssignRoleToLdapGroup(self): """ Test case: Assign Role To Ldap Group Test step and expected result: 1. Set LDAP Auth configurations; 2. Create a new public project(PA) by Admin; 3. Add 3 member groups to project(PA); 4. Push image by each member role; 5. Verfify that admin_user can add project member, dev_user and guest_user can not add project member; 6. Verfify that admin_user and dev_user can push image, guest_user can not push image; 7. Verfify that admin_user, dev_user and guest_user can view logs, test user can not view logs. 8. Delete repository(RA) by user(UA); 9. Delete project(PA); """ url = ADMIN_CLIENT["endpoint"] USER_ADMIN = dict(endpoint=url, username="******", password="******", repo="haproxy") USER_DEV = dict(endpoint=url, username="******", password="******", repo="alpine") USER_GUEST = dict(endpoint=url, username="******", password="******", repo="busybox") USER_TEST = dict(endpoint=url, username="******", password="******") USER_MIKE = dict(endpoint=url, username="******", password="******") #USER001 is in group harbor_group3 self.conf.set_configurations_of_ldap( ldap_filter="", ldap_group_attribute_name="cn", ldap_group_base_dn="ou=groups,dc=example,dc=com", ldap_group_search_filter="objectclass=groupOfNames", ldap_group_search_scope=2, **ADMIN_CLIENT) with created_project(metadata={"public": "false"}) as (project_id, project_name): self.project.add_project_members( project_id, member_role_id=1, _ldap_group_dn="cn=harbor_admin,ou=groups,dc=example,dc=com", **ADMIN_CLIENT) self.project.add_project_members( project_id, member_role_id=2, _ldap_group_dn="cn=harbor_dev,ou=groups,dc=example,dc=com", **ADMIN_CLIENT) self.project.add_project_members( project_id, member_role_id=3, _ldap_group_dn="cn=harbor_guest,ou=groups,dc=example,dc=com", **ADMIN_CLIENT) projects = self.project.get_projects(dict(name=project_name), **USER_ADMIN) self.assertTrue(len(projects) == 1) self.assertEqual(1, projects[0].current_user_role_id) #Mike has logged in harbor in previous test. mike = self.user.get_user_by_name(USER_MIKE["username"], **ADMIN_CLIENT) #Verify role difference in add project member feature, to distinguish between admin and dev role self.project.add_project_members(project_id, user_id=mike.user_id, member_role_id=3, **USER_ADMIN) self.project.add_project_members(project_id, user_id=mike.user_id, member_role_id=3, expect_status_code=403, **USER_DEV) self.project.add_project_members(project_id, user_id=mike.user_id, member_role_id=3, expect_status_code=403, **USER_GUEST) repo_name_admin, _ = push_image_to_project( project_name, harbor_server, USER_ADMIN["username"], USER_ADMIN["password"], USER_ADMIN["repo"], "latest") artifacts = self.artifact.list_artifacts(project_name, USER_ADMIN["repo"], **USER_ADMIN) self.assertTrue(len(artifacts) == 1) repo_name_dev, _ = push_image_to_project( project_name, harbor_server, USER_DEV["username"], USER_DEV["password"], USER_DEV["repo"], "latest") artifacts = self.artifact.list_artifacts(project_name, USER_DEV["repo"], **USER_DEV) self.assertTrue(len(artifacts) == 1) push_image_to_project( project_name, harbor_server, USER_GUEST["username"], USER_GUEST["password"], USER_GUEST["repo"], "latest", expected_error_message="unauthorized to access repository") artifacts = self.artifact.list_artifacts(project_name, USER_GUEST["repo"], **USER_GUEST) self.assertTrue(len(artifacts) == 0) self.assertTrue( self.project.query_user_logs(project_name, **USER_ADMIN) > 0, "admin user can see logs") self.assertTrue( self.project.query_user_logs(project_name, **USER_DEV) > 0, "dev user can see logs") self.assertTrue( self.project.query_user_logs(project_name, **USER_GUEST) > 0, "guest user can see logs") self.assertTrue( self.project.query_user_logs(project_name, status_code=403, **USER_TEST) == 0, "test user can not see any logs") self.repo.delete_repository(project_name, repo_name_admin.split('/')[1], **USER_ADMIN) self.repo.delete_repository(project_name, repo_name_dev.split('/')[1], **USER_ADMIN)