class TestLdapAdminRole(unittest.TestCase): """AccessLog unit test stubs""" product_api = testutils.GetProductApi("admin", "Harbor12345") mike_product_api = testutils.GetProductApi("mike", "zhu88jie") project_id = 0 def setUp(self): pass def tearDown(self): if self.project_id > 0: self.mike_product_api.projects_project_id_delete( project_id=self.project_id) pass def testLdapAdminRole(self): """Test LdapAdminRole""" result = self.product_api.configurations_put( configurations=Configurations( ldap_group_admin_dn= "cn=harbor_users,ou=groups,dc=example,dc=com")) pprint(result) # Create a private project result = self.product_api.projects_post(project=ProjectReq( project_name="test_private")) pprint(result) # query project with ldap user mike projects = self.mike_product_api.projects_get(name="test_private") self.assertTrue(projects.count > 1) self.project_id = projects[0].project_id pass
def queryUserLogs(self, username, password, harbor_host=harbor_host): client_product_api = testutils.GetProductApi(username=username, password=password) logs = client_product_api.logs_get(repository="ldap_group_test_prj", username=username) if logs == None: return 0 else: return logs.count
class TestLdapAdminRole(unittest.TestCase): """AccessLog unit test stubs""" product_api = testutils.GetProductApi("admin", "Harbor12345") mike_product_api = testutils.GetProductApi("mike", "zhu88jie") project_id = 0 def setUp(self): pass def tearDown(self): if self.project_id > 0: self.mike_product_api.projects_project_id_delete( project_id=self.project_id) pass def testLdapAdminRole(self): """Test LdapAdminRole""" _project_name = _random_name("test_private") result = self.product_api.configurations_put( configurations=Configurations( ldap_group_admin_dn= "cn=harbor_users,ou=groups,dc=example,dc=com")) # Create a private project result = self.product_api.projects_post(project=ProjectReq( project_name=_project_name)) # query project with ldap user mike projects = self.mike_product_api.projects_get(name=_project_name) print("=================", projects) self.assertTrue(len(projects) == 1) self.project_id = projects[0].project_id # check the mike is not admin in Database user_list = self.product_api.users_get(username="******") pprint(user_list[0]) self.assertFalse(user_list[0].sysadmin_flag) pass
def testAssignRoleToLdapGroup(self): """Test AssignRoleToLdapGroup""" admin_product_api = testutils.GetProductApi(username="******", password="******") projects = admin_product_api.projects_get(name=self._project_name) self.assertTrue(len(projects) == 1) self.assertEqual(1, projects[0].current_user_role_id) dev_product_api = testutils.GetProductApi("dev_user", "zhu88jie") projects = dev_product_api.projects_get(name=self._project_name) self.assertTrue(len(projects) == 1) self.assertEqual(2, projects[0].current_user_role_id) guest_product_api = testutils.GetProductApi("guest_user", "zhu88jie") projects = guest_product_api.projects_get(name=self._project_name) self.assertTrue(len(projects) == 1) self.assertEqual(3, projects[0].current_user_role_id) self.dockerCmdLoginAdmin(username="******", password="******") self.dockerCmdLoginDev(username="******", password="******") self.dockerCmdLoginGuest(username="******", password="******") self.assertTrue( self.queryUserLogs(username="******", password="******") > 0, "admin user can see logs") self.assertTrue( self.queryUserLogs(username="******", password="******") > 0, "dev user can see logs") self.assertTrue( self.queryUserLogs(username="******", password="******") > 0, "guest user can see logs") self.assertTrue( self.queryUserLogs(username="******", password="******", status_code=403) == 0, "test user can not see any logs") pass
class TestUserGroup(unittest.TestCase): """UserGroup unit test stubs""" product_api = testutils.GetProductApi("admin", "Harbor12345") groupId = 0 def setUp(self): self.conf = Configurations() self.conf.set_configurations_of_ldap( ldap_filter="", ldap_group_attribute_name="cn", ldap_group_base_dn="ou=groups,dc=example,dc=com", ldap_group_search_filter="objectclass=groupOfNames", ldap_group_search_scope=2, **ADMIN_CLIENT) pass def tearDown(self): if self.groupId > 0: self.product_api.usergroups_group_id_delete(group_id=self.groupId) pass def testAddUpdateUserGroup(self): """Test UserGroup""" user_group = UserGroup( group_name="harbor_group123", group_type=1, ldap_group_dn="cn=harbor_group,ou=groups,dc=example,dc=com") result = self.product_api.usergroups_post(usergroup=user_group) pprint(result) user_groups = self.product_api.usergroups_get() found = False for ug in user_groups: if ug.group_name == "harbor_group123": found = True print("Found usergroup") pprint(ug) self.groupId = ug.id self.assertTrue(found) result = self.product_api.usergroups_group_id_put( self.groupId, usergroup=UserGroup(group_name="newharbor_group")) new_user_group = self.product_api.usergroups_group_id_get( group_id=self.groupId) self.assertEqual("newharbor_group", new_user_group.group_name) pass
def testAssignRoleToLdapGroup(self): """Test AssignRoleToLdapGroup""" admin_product_api = testutils.GetProductApi(username="******", password="******") projects = admin_product_api.projects_get(name="ldap_group_test_prj") self.assertTrue(projects.count > 1) self.assertEqual(1, projects[0].current_user_role_id) dev_product_api = testutils.GetProductApi("dev_user", "zhu88jie") projects = dev_product_api.projects_get(name="ldap_group_test_prj") self.assertTrue(projects.count > 1) self.assertEqual(2, projects[0].current_user_role_id) guest_product_api = testutils.GetProductApi("guest_user", "zhu88jie") projects = guest_product_api.projects_get(name="ldap_group_test_prj") self.assertTrue(projects.count > 1) self.assertEqual(3, projects[0].current_user_role_id) self.dockerCmdLoginAdmin(username="******", password="******") self.dockerCmdLoginDev(username="******", password="******") self.dockerCmdLoginGuest(username="******", password="******") self.assertTrue( self.queryUserLogs(username="******", password="******") > 0, "admin user can see logs") self.assertTrue( self.queryUserLogs(username="******", password="******") > 0, "dev user can see logs") self.assertTrue( self.queryUserLogs(username="******", password="******") > 0, "guest user can see logs") self.assertTrue( self.queryUserLogs(username="******", password="******") == 0, "user001 can not see any logs") pass
class TestLdapPing(unittest.TestCase): """AccessLog unit test stubs""" product_api = testutils.GetProductApi("admin", "Harbor12345") project_id = 0 def setUp(self): pass def tearDown(self): pass def testLdapPing(self): """Test LdapAdminRole""" result = self.product_api.ldap_ping_post( ldapconf=LdapConf(ldap_url="10.161.127.236", ldap_search_dn="cn=admin,dc=example,dc=com", ldap_search_password="******", ldap_scope=2)) pprint(result)
class TestLdapAdminRole(unittest.TestCase): """AccessLog unit test stubs""" product_api = testutils.GetProductApi("admin", "Harbor12345") project_id = 0 def setUp(self): self.project = Project() self.mike_product_api = Project("mike", "zhu88jie") def tearDown(self): print("Case completed") @unittest.skipIf(TEARDOWN == False, "Test data won't be erased.") def test_ClearData(self): if self.project_id > 0: self.mike_product_api.delete_project(self.project_id) def testLdapAdminRole(self): """Test LdapAdminRole""" _project_name = _random_name("test-ldap-admin-role") result = self.product_api.configurations_put( configurations=Configurations( ldap_group_admin_dn= "cn=harbor_users,ou=groups,dc=example,dc=com")) # Create a private project result = self.project.create_project(_project_name) # query project with ldap user mike projects = self.mike_product_api.get_projects(dict(name=_project_name)) print("=================", projects) self.assertTrue(len(projects) == 1) self.project_id = projects[0].project_id # check the mike is not admin in Database user_list = self.product_api.users_get(username="******") pprint(user_list[0]) self.assertFalse(user_list[0].sysadmin_flag) pass
class TestAssignRoleToLdapGroup(unittest.TestCase): harbor_host = os.environ["HARBOR_HOST"] """AssignRoleToLdapGroup unit test stubs""" product_api = testutils.GetProductApi("admin", "Harbor12345") repository_api = testutils.GetRepositoryApi("admin", "Harbor12345") project_id = 0 docker_client = docker.from_env() _project_name = _random_name("test_private") def setUp(self): self.projectv2 = ProjectV2() #login with admin, create a project and assign role to ldap group result = self.product_api.configurations_put( configurations=Configurations( ldap_filter="", ldap_group_attribute_name="cn", ldap_group_base_dn="ou=groups,dc=example,dc=com", ldap_group_search_filter="objectclass=groupOfNames", ldap_group_search_scope=2)) pprint(result) cfgs = self.product_api.configurations_get() pprint(cfgs) req = ProjectReq() req.project_name = self._project_name req.metadata = ProjectMetadata(public="false") result = self.product_api.projects_post(req) pprint(result) projs = self.product_api.projects_get(name=self._project_name) if len(projs) > 0: project = projs[0] self.project_id = project.project_id # asign role to project with dn group_dn = "cn=harbor_admin,ou=groups,dc=example,dc=com" projectmember = ProjectMember() projectmember.role_id = 1 projectmember.member_group = UserGroup(ldap_group_dn=group_dn) result = self.product_api.projects_project_id_members_post( project_id=self.project_id, project_member=projectmember) pprint(result) group_dn = "cn=harbor_dev,ou=groups,dc=example,dc=com" projectmember = ProjectMember() projectmember.role_id = 2 projectmember.member_group = UserGroup(ldap_group_dn=group_dn) result = self.product_api.projects_project_id_members_post( project_id=self.project_id, project_member=projectmember) pprint(result) group_dn = "cn=harbor_guest,ou=groups,dc=example,dc=com" projectmember = ProjectMember() projectmember.role_id = 3 projectmember.member_group = UserGroup(ldap_group_dn=group_dn) result = self.product_api.projects_project_id_members_post( project_id=self.project_id, project_member=projectmember) pprint(result) pass def tearDown(self): #delete images in project result = self.repository_api.delete_repository(self._project_name, "busybox") pprint(result) result = self.repository_api.delete_repository(self._project_name, "busyboxdev") pprint(result) if self.project_id > 0: self.product_api.projects_project_id_delete(self.project_id) pass def testAssignRoleToLdapGroup(self): """Test AssignRoleToLdapGroup""" admin_product_api = testutils.GetProductApi(username="******", password="******") projects = admin_product_api.projects_get(name=self._project_name) self.assertTrue(len(projects) == 1) self.assertEqual(1, projects[0].current_user_role_id) dev_product_api = testutils.GetProductApi("dev_user", "zhu88jie") projects = dev_product_api.projects_get(name=self._project_name) self.assertTrue(len(projects) == 1) self.assertEqual(2, projects[0].current_user_role_id) guest_product_api = testutils.GetProductApi("guest_user", "zhu88jie") projects = guest_product_api.projects_get(name=self._project_name) self.assertTrue(len(projects) == 1) self.assertEqual(3, projects[0].current_user_role_id) self.dockerCmdLoginAdmin(username="******", password="******") self.dockerCmdLoginDev(username="******", password="******") self.dockerCmdLoginGuest(username="******", password="******") self.assertTrue( self.queryUserLogs(username="******", password="******") > 0, "admin user can see logs") self.assertTrue( self.queryUserLogs(username="******", password="******") > 0, "dev user can see logs") self.assertTrue( self.queryUserLogs(username="******", password="******") > 0, "guest user can see logs") self.assertTrue( self.queryUserLogs(username="******", password="******", status_code=403) == 0, "test user can not see any logs") pass # admin user can push, pull images def dockerCmdLoginAdmin(self, username, password): pprint(self.docker_client.info()) self.docker_client.login(username=username, password=password, registry=self.harbor_host) self.docker_client.images.pull("busybox:latest") image = self.docker_client.images.get("busybox:latest") image.tag(repository=self.harbor_host + "/" + self._project_name + "/busybox", tag="latest") output = self.docker_client.images.push(repository=self.harbor_host + "/" + self._project_name + "/busybox", tag="latest") if output.find("error") > 0: self.fail("Should not fail to push image for admin_user") self.docker_client.images.pull(repository=self.harbor_host + "/" + self._project_name + "/busybox", tag="latest") pass # dev user can push, pull images def dockerCmdLoginDev(self, username, password, harbor_server=harbor_host): self.docker_client.login(username=username, password=password, registry=self.harbor_host) self.docker_client.images.pull("busybox:latest") image = self.docker_client.images.get("busybox:latest") image.tag(repository=self.harbor_host + "/" + self._project_name + "/busyboxdev", tag="latest") output = self.docker_client.images.push(repository=self.harbor_host + "/" + self._project_name + "/busyboxdev", tag="latest") if output.find("error") > 0: self.fail("Should not fail to push images for dev_user") pass # guest user can pull images def dockerCmdLoginGuest(self, username, password, harbor_server=harbor_host): self.docker_client.login(username=username, password=password, registry=self.harbor_host) self.docker_client.images.pull("busybox:latest") image = self.docker_client.images.get("busybox:latest") image.tag(repository=self.harbor_host + "/" + self._project_name + "/busyboxguest", tag="latest") output = self.docker_client.images.push(repository=self.harbor_host + "1/" + self._project_name + "/busyboxguest", tag="latest") if output.find("error") < 0: self.fail("Should failed to push image for guest user") self.docker_client.images.pull(repository=self.harbor_host + "/" + self._project_name + "/busybox", tag="latest") pass # check can see his log in current project def queryUserLogs(self, username, password, status_code=200): client = dict(endpoint=ADMIN_CLIENT["endpoint"], username=username, password=password) try: logs = self.projectv2.get_project_log(self._project_name, status_code, **client) count = 0 for log in list(logs): count = count + 1 return count except ApiException as e: _assert_status_code(status_code, e.status) return 0
class TestAssignRoleToLdapGroup(unittest.TestCase): harbor_host = os.environ["HARBOR_HOST"] """AssignRoleToLdapGroup unit test stubs""" product_api = testutils.GetProductApi("admin", "Harbor12345") project_id = 0 docker_client = docker.from_env() def setUp(self): #login with admin, create a project and assign role to ldap group result = self.product_api.configurations_put( configurations=Configurations( ldap_filter="", ldap_group_attribute_name="cn", ldap_group_base_dn="ou=groups,dc=example,dc=com", ldap_group_search_filter="objectclass=groupOfNames", ldap_group_search_scope=2)) pprint(result) cfgs = self.product_api.configurations_get() pprint(cfgs) req = ProjectReq() req.project_name = "ldap_group_test_prj" req.metadata = ProjectMetadata(public="false") result = self.product_api.projects_post(req) pprint(result) projs = self.product_api.projects_get(name="ldap_group_test_prj") if projs.count > 0: project = projs[0] self.project_id = project.project_id # asign role to project with dn group_dn = "cn=harbor_admin,ou=groups,dc=example,dc=com" projectmember = ProjectMember() projectmember.role_id = 1 projectmember.member_group = UserGroup(ldap_group_dn=group_dn) result = self.product_api.projects_project_id_members_post( project_id=self.project_id, project_member=projectmember) pprint(result) group_dn = "cn=harbor_dev,ou=groups,dc=example,dc=com" projectmember = ProjectMember() projectmember.role_id = 2 projectmember.member_group = UserGroup(ldap_group_dn=group_dn) result = self.product_api.projects_project_id_members_post( project_id=self.project_id, project_member=projectmember) pprint(result) group_dn = "cn=harbor_guest,ou=groups,dc=example,dc=com" projectmember = ProjectMember() projectmember.role_id = 3 projectmember.member_group = UserGroup(ldap_group_dn=group_dn) result = self.product_api.projects_project_id_members_post( project_id=self.project_id, project_member=projectmember) pprint(result) pass def tearDown(self): #delete images in project result = self.product_api.repositories_repo_name_delete( repo_name="ldap_group_test_prj/busybox") pprint(result) result = self.product_api.repositories_repo_name_delete( repo_name="ldap_group_test_prj/busyboxdev") pprint(result) if self.project_id > 0: self.product_api.projects_project_id_delete(self.project_id) pass def testAssignRoleToLdapGroup(self): """Test AssignRoleToLdapGroup""" admin_product_api = testutils.GetProductApi(username="******", password="******") projects = admin_product_api.projects_get(name="ldap_group_test_prj") self.assertTrue(projects.count > 1) self.assertEqual(1, projects[0].current_user_role_id) dev_product_api = testutils.GetProductApi("dev_user", "zhu88jie") projects = dev_product_api.projects_get(name="ldap_group_test_prj") self.assertTrue(projects.count > 1) self.assertEqual(2, projects[0].current_user_role_id) guest_product_api = testutils.GetProductApi("guest_user", "zhu88jie") projects = guest_product_api.projects_get(name="ldap_group_test_prj") self.assertTrue(projects.count > 1) self.assertEqual(3, projects[0].current_user_role_id) self.dockerCmdLoginAdmin(username="******", password="******") self.dockerCmdLoginDev(username="******", password="******") self.dockerCmdLoginGuest(username="******", password="******") self.assertTrue( self.queryUserLogs(username="******", password="******") > 0, "admin user can see logs") self.assertTrue( self.queryUserLogs(username="******", password="******") > 0, "dev user can see logs") self.assertTrue( self.queryUserLogs(username="******", password="******") > 0, "guest user can see logs") self.assertTrue( self.queryUserLogs(username="******", password="******") == 0, "user001 can not see any logs") pass # admin user can push, pull images def dockerCmdLoginAdmin(self, username, password): pprint(self.docker_client.info()) self.docker_client.login(username=username, password=password, registry=self.harbor_host) self.docker_client.images.pull("busybox:latest") image = self.docker_client.images.get("busybox:latest") image.tag(repository=self.harbor_host + "/ldap_group_test_prj/busybox", tag="latest") output = self.docker_client.images.push(repository=self.harbor_host + "/ldap_group_test_prj/busybox", tag="latest") if output.find("error") > 0: self.fail("Should not fail to push image for admin_user") self.docker_client.images.pull(repository=self.harbor_host + "/ldap_group_test_prj/busybox", tag="latest") pass # dev user can push, pull images def dockerCmdLoginDev(self, username, password, harbor_server=harbor_host): self.docker_client.login(username=username, password=password, registry=self.harbor_host) self.docker_client.images.pull("busybox:latest") image = self.docker_client.images.get("busybox:latest") image.tag(repository=self.harbor_host + "/ldap_group_test_prj/busyboxdev", tag="latest") output = self.docker_client.images.push( repository=self.harbor_host + "/ldap_group_test_prj/busyboxdev", tag="latest") if output.find("error") > 0: self.fail("Should not fail to push images for dev_user") pass # guest user can pull images def dockerCmdLoginGuest(self, username, password, harbor_server=harbor_host): self.docker_client.login(username=username, password=password, registry=self.harbor_host) self.docker_client.images.pull("busybox:latest") image = self.docker_client.images.get("busybox:latest") image.tag(repository=self.harbor_host + "/ldap_group_test_prj/busyboxguest", tag="latest") output = self.docker_client.images.push( repository=self.harbor_host + "1/ldap_group_test_prj/busyboxguest", tag="latest") if output.find("error") < 0: self.fail("Should failed to push image for guest user") self.docker_client.images.pull(repository=self.harbor_host + "/ldap_group_test_prj/busybox", tag="latest") pass # check can see his log in current project def queryUserLogs(self, username, password, harbor_host=harbor_host): client_product_api = testutils.GetProductApi(username=username, password=password) logs = client_product_api.logs_get(repository="ldap_group_test_prj", username=username) if logs == None: return 0 else: return logs.count
def testHealthCheck(self): client = testutils.GetProductApi("admin", "Harbor12345") status, code, _ = client.health_get_with_http_info() self.assertEqual(code, 200) self.assertEqual("healthy", status.status)