def setUp(self): self.project = Project() self.user = User() self.artifact = Artifact() self.repo = Repository() self.scan = Scan() self.url = ADMIN_CLIENT["endpoint"] self.user_password = "******" self.project_id, self.project_name, self.user_id, self.user_name, self.repo_name1, self.repo_name2 = [ None ] * 6 self.user_id, self.user_name = self.user.create_user( user_password=self.user_password, **ADMIN_CLIENT) self.USER_CLIENT = dict(with_signature=True, with_immutable_status=True, endpoint=self.url, username=self.user_name, password=self.user_password, with_scan_overview=True) #2. Create a new private project(PA) by user(UA); self.project_id, self.project_name = self.project.create_project( metadata={"public": "false"}, **ADMIN_CLIENT) #3. Add user(UA) as a member of project(PA) with project-admin role; self.project.add_project_members(self.project_id, user_id=self.user_id, **ADMIN_CLIENT)
def setUp(self): self.project = Project() self.user = User() self.artifact = Artifact() self.repo = Repository() self.scan = Scan() self.scanner = Scanner()
def setUp(self): self.project = Project() self.user = User() self.repo = Repository() self.artifact = Artifact() self.robot = Robot() self.scan = Scan() self.label = Label() self.chart = Chart() TestRobotAccount.url = ADMIN_CLIENT["endpoint"] TestRobotAccount.user_ra_password = "******" print("setup")
class TestScanImageInPublicProject(unittest.TestCase): @suppress_urllib3_warning def setUp(self): self.artifact = Artifact() self.repo = Repository() self.scan = Scan() @unittest.skipIf(TEARDOWN == False, "Test data won't be erased.") def tearDown(self): print("Case completed") def testScanImageInPublicProject(self): """ Test case: Scan An Image Artifact In Public Project Test step and expected result: 1. Create a new user(UA); 2. Create a new public project(PA) by user(UA); 3. Add user(UA) as a member of project(PA) with project-admin role; 4. Create a new repository(RA) and tag(TA) in project(PA) by user(UA); 5. Send scan image command without credential (anonymous), the API response should be 401; 6. Create a new user(UB) which is non member of the project(PA); 7. Send scan image command with credential of the new created user(UB), the API response should be 403; 8. Delete user(UB); 9. Send scan image command with credential of the user(UA) and get tag(TA) information to check scan result, it should be finished; 10. Delete repository(RA) by user(UA); 11. Delete project(PA); 12. Delete user(UA); """ password = '******' # nosec with created_user(password) as (user_id, username): with created_project(metadata={"public": "true"}, user_id=user_id) as (_, project_name): image, src_tag = "docker", "1.13" full_name, tag = push_self_build_image_to_project(project_name, harbor_server, username, password, image, src_tag) repo_name = full_name.split('/')[1] # scan image with anonymous user self.scan.scan_artifact(project_name, repo_name, tag, expect_status_code=401, username=None, password=None) with created_user(password) as (_, username1): # scan image with non project memeber self.scan.scan_artifact(project_name, repo_name, tag, expect_status_code=403, username=username1, password=password) self.scan.scan_artifact(project_name, repo_name, tag, username=username, password=password) self.artifact.check_image_scan_result(project_name, image, tag, username=username, password=password, with_scan_overview=True) self.repo.delete_repoitory(project_name, repo_name)
class TestScan(unittest.TestCase): @suppress_urllib3_warning def setUp(self): self.project = Project() self.user = User() self.artifact = Artifact() self.repo = Repository() self.scan = Scan() self.url = ADMIN_CLIENT["endpoint"] self.user_password = "******" self.project_id, self.project_name, self.user_id, self.user_name, self.repo_name1, self.repo_name2 = [ None ] * 6 self.user_id, self.user_name = self.user.create_user( user_password=self.user_password, **ADMIN_CLIENT) self.USER_CLIENT = dict(with_signature=True, with_immutable_status=True, endpoint=self.url, username=self.user_name, password=self.user_password, with_scan_overview=True) #2. Create a new private project(PA) by user(UA); self.project_id, self.project_name = self.project.create_project( metadata={"public": "false"}, **ADMIN_CLIENT) #3. Add user(UA) as a member of project(PA) with project-admin role; self.project.add_project_members(self.project_id, user_id=self.user_id, **ADMIN_CLIENT) @unittest.skipIf(TEARDOWN == True, "Test data won't be erased.") def do_tearDown(self): #1. Delete repository(RA) by user(UA); self.repo.delete_repoitory(self.project_name, self.repo_name1.split('/')[1], **self.USER_CLIENT) self.repo.delete_repoitory(self.project_name, self.repo_name2.split('/')[1], **self.USER_CLIENT) #2. Delete project(PA); self.project.delete_project(self.project_id, **self.USER_CLIENT) #3. Delete user(UA); self.user.delete_user(self.user_id, **ADMIN_CLIENT) def testScanImageArtifact(self): """ Test case: Scan An Image Artifact Test step and expected result: 1. Create a new user(UA); 2. Create a new private project(PA) by user(UA); 3. Add user(UA) as a member of project(PA) with project-admin role; 4. Get private project of user(UA), user(UA) can see only one private project which is project(PA); 5. Create a new repository(RA) and tag(TA) in project(PA) by user(UA); 6. Send scan image command and get tag(TA) information to check scan result, it should be finished; 7. Swith Scanner; 8. Send scan another image command and get tag(TA) information to check scan result, it should be finished. Tear down: 1. Delete repository(RA) by user(UA); 2. Delete project(PA); 3. Delete user(UA); """ #4. Get private project of user(UA), user(UA) can see only one private project which is project(PA); self.project.projects_should_exist(dict(public=False), expected_count=1, expected_project_id=self.project_id, **self.USER_CLIENT) #Note: Please make sure that this Image has never been pulled before by any other cases, # so it is a not-scanned image right after repository creation. image = "docker" src_tag = "1.13" #5. Create a new repository(RA) and tag(TA) in project(PA) by user(UA); self.repo_name1, tag = push_self_build_image_to_project( self.project_name, harbor_server, self.user_name, self.user_password, image, src_tag) #6. Send scan image command and get tag(TA) information to check scan result, it should be finished; self.scan.scan_artifact(self.project_name, self.repo_name1.split('/')[1], tag, **self.USER_CLIENT) self.artifact.check_image_scan_result(self.project_name, image, tag, **self.USER_CLIENT) self.do_tearDown() def testScanSignedImage(self): """ Test case: Scan A Signed Image Test step and expected result: 1. Create a new user(UA); 2. Create a new private project(PA) by user(UA); 3. Add user(UA) as a member of project(PA) with project-admin role; 4. Get private project of user(UA), user(UA) can see only one private project which is project(PA); 5. Create a new repository(RA) and tag(TA) in project(PA) by user(UA); 6. Send scan image command and get tag(TA) information to check scan result, it should be finished; 7. Swith Scanner; 8. Send scan another image command and get tag(TA) information to check scan result, it should be finished. Tear down: 1. Delete repository(RA) by user(UA); 2. Delete project(PA); 3. Delete user(UA); """ #Note: Please make sure that this Image has never been pulled before by any other cases, # so it is a not-scanned image right after repository creation. #Note:busybox is pulled in setup phase, and setup is a essential phase. image = "busybox" tag = "latest" #5. Create a new repository(RA) and tag(TA) in project(PA) by user(UA); #TestScan.repo_name_1, tag = push_self_build_image_to_project(self.project_name, harbor_server, self.user_name, self.user_password, image, tag) sign_image(harbor_server, self.project_name, image, tag) #6. Send scan image command and get tag(TA) information to check scan result, it should be finished; self.scan.scan_artifact(self.project_name, image, tag, **self.USER_CLIENT) self.artifact.check_image_scan_result(self.project_name, image, tag, **self.USER_CLIENT)
def setUp(self): self.artifact = Artifact() self.repo = Repository() self.scan = Scan()
def setUp(self): self.conf = Configurations() self.project = Project() self.artifact = Artifact() self.repo = Repository() self.scan = Scan()
class TestRobotAccount(unittest.TestCase): @suppress_urllib3_warning def setUp(self): self.project = Project() self.user = User() self.repo = Repository() self.artifact = Artifact() self.robot = Robot() self.scan = Scan() self.label = Label() self.chart = Chart() TestRobotAccount.url = ADMIN_CLIENT["endpoint"] TestRobotAccount.user_ra_password = "******" print("setup") @unittest.skipIf(TEARDOWN == True, "Test data won't be erased.") def do_01_tearDown(self): #1. Delete repository(RA) by user(UA); self.repo.delete_repoitory(self.project_ra_name_a, self.repo_name_in_project_a.split('/')[1], **self.USER_RA_CLIENT) self.repo.delete_repoitory(self.project_ra_name_b, self.repo_name_in_project_b.split('/')[1], **self.USER_RA_CLIENT) self.repo.delete_repoitory(self.project_ra_name_c, self.repo_name_in_project_c.split('/')[1], **self.USER_RA_CLIENT) self.repo.delete_repoitory(self.project_ra_name_a, self.repo_name_pa.split('/')[1], **self.USER_RA_CLIENT) #2. Delete project(PA); self.project.delete_project(self.project_ra_id_a, **self.USER_RA_CLIENT) self.project.delete_project(self.project_ra_id_b, **self.USER_RA_CLIENT) self.project.delete_project(self.project_ra_id_c, **self.USER_RA_CLIENT) #3. Delete user(UA). self.user.delete_user(self.user_ra_id, **ADMIN_CLIENT) def test_01_ProjectlevelRobotAccount(self): """ Test case: Robot Account Test step and expected result: 1. Create user(UA); 2. Create private project(PA), private project(PB) and public project(PC) by user(UA); 3. Push image(ImagePA) to project(PA), image(ImagePB) to project(PB) and image(ImagePC) to project(PC) by user(UA); 4. Create a new robot account(RA) with pull and push privilige in project(PA) by user(UA); 5. Check robot account info, it should has both pull and push priviliges; 6. Pull image(ImagePA) from project(PA) by robot account(RA), it must be successful; 7. Push image(ImageRA) to project(PA) by robot account(RA), it must be successful; 8. Push image(ImageRA) to project(PB) by robot account(RA), it must be not successful; 9. Pull image(ImagePB) from project(PB) by robot account(RA), it must be not successful; 10. Pull image from project(PC), it must be successful; 11. Push image(ImageRA) to project(PC) by robot account(RA), it must be not successful; 12. Update action property of robot account(RA); 13. Pull image(ImagePA) from project(PA) by robot account(RA), it must be not successful; 14. Push image(ImageRA) to project(PA) by robot account(RA), it must be not successful; 15. Delete robot account(RA), it must be not successful. Tear down: 1. Delete repository(RA) by user(UA); 2. Delete project(PA); 3. Delete user(UA). """ image_project_a = "haproxy" image_project_b = "hello-world" image_project_c = "httpd" image_robot_account = "alpine" tag = "latest" #1. Create user(UA);" self.user_ra_id, user_ra_name = self.user.create_user( user_password=TestRobotAccount.user_ra_password, **ADMIN_CLIENT) self.USER_RA_CLIENT = dict(endpoint=TestRobotAccount.url, username=user_ra_name, password=TestRobotAccount.user_ra_password) #2. Create private project(PA), private project(PB) and public project(PC) by user(UA); self.project_ra_id_a, self.project_ra_name_a = self.project.create_project( metadata={"public": "false"}, **self.USER_RA_CLIENT) self.project_ra_id_b, self.project_ra_name_b = self.project.create_project( metadata={"public": "false"}, **self.USER_RA_CLIENT) self.project_ra_id_c, self.project_ra_name_c = self.project.create_project( metadata={"public": "true"}, **self.USER_RA_CLIENT) #3. Push image(ImagePA) to project(PA), image(ImagePB) to project(PB) and image(ImagePC) to project(PC) by user(UA); self.repo_name_in_project_a, tag_a = push_self_build_image_to_project( self.project_ra_name_a, harbor_server, user_ra_name, TestRobotAccount.user_ra_password, image_project_a, tag) self.repo_name_in_project_b, tag_b = push_self_build_image_to_project( self.project_ra_name_b, harbor_server, user_ra_name, TestRobotAccount.user_ra_password, image_project_b, tag) self.repo_name_in_project_c, tag_c = push_self_build_image_to_project( self.project_ra_name_c, harbor_server, user_ra_name, TestRobotAccount.user_ra_password, image_project_c, tag) #4. Create a new robot account(RA) with pull and push privilege in project(PA) by user(UA); robot_id, robot_account = self.robot.create_project_robot( self.project_ra_name_a, 30, **self.USER_RA_CLIENT) #5. Check robot account info, it should has both pull and push privilege; data = self.robot.get_robot_account_by_id(robot_id, **self.USER_RA_CLIENT) _assert_status_code(robot_account.name, data.name) #6. Pull image(ImagePA) from project(PA) by robot account(RA), it must be successful; pull_harbor_image(harbor_server, robot_account.name, robot_account.secret, self.repo_name_in_project_a, tag_a) #7. Push image(ImageRA) to project(PA) by robot account(RA), it must be successful; self.repo_name_pa, _ = push_self_build_image_to_project( self.project_ra_name_a, harbor_server, robot_account.name, robot_account.secret, image_robot_account, tag) #8. Push image(ImageRA) to project(PB) by robot account(RA), it must be not successful; push_self_build_image_to_project( self.project_ra_name_b, harbor_server, robot_account.name, robot_account.secret, image_robot_account, tag, expected_error_message="unauthorized to access repository") #9. Pull image(ImagePB) from project(PB) by robot account(RA), it must be not successful; pull_harbor_image( harbor_server, robot_account.name, robot_account.secret, self.repo_name_in_project_b, tag_b, expected_error_message="unauthorized to access repository") #10. Pull image from project(PC), it must be successful; pull_harbor_image(harbor_server, robot_account.name, robot_account.secret, self.repo_name_in_project_c, tag_c) #11. Push image(ImageRA) to project(PC) by robot account(RA), it must be not successful; push_self_build_image_to_project( self.project_ra_name_c, harbor_server, robot_account.name, robot_account.secret, image_robot_account, tag, expected_error_message="unauthorized to access repository") #12. Update action property of robot account(RA);" self.robot.disable_robot_account(robot_id, True, **self.USER_RA_CLIENT) #13. Pull image(ImagePA) from project(PA) by robot account(RA), it must be not successful; pull_harbor_image( harbor_server, robot_account.name, robot_account.secret, self.repo_name_in_project_a, tag_a, expected_login_error_message="unauthorized: authentication required" ) #14. Push image(ImageRA) to project(PA) by robot account(RA), it must be not successful; push_self_build_image_to_project( self.project_ra_name_a, harbor_server, robot_account.name, robot_account.secret, image_robot_account, tag, expected_login_error_message="unauthorized: authentication required" ) #15. Delete robot account(RA), it must be not successful. self.robot.delete_robot_account(robot_id, **self.USER_RA_CLIENT) self.do_01_tearDown() def verify_repository_pushable(self, project_access_list, system_ra_client): for project_access in project_access_list: print(r"project_access:", project_access) if project_access["check_list"][1]: #---repository:push--- repo = push_self_build_image_to_project( project_access["project_name"], harbor_server, system_ra_client["username"], system_ra_client["password"], "test_pushable" + base._random_name("repo"), "v6.8.1" + base._random_name("tag")) else: push_self_build_image_to_project( project_access["project_name"], harbor_server, system_ra_client["username"], system_ra_client["password"], "test_unpushable" + base._random_name("repo"), "v6.8.1" + base._random_name("tag"), expected_error_message="unauthorized to access repository") def verify_repository_unpushable( self, project_access_list, system_ra_client, expected_login_error_message="unauthorized: authentication required" ): for project_access in project_access_list: #---repository:push--- push_self_build_image_to_project( project_access["project_name"], harbor_server, system_ra_client["username"], system_ra_client["password"], "test_unpushable" + base._random_name("repo"), "v6.8.1" + base._random_name("tag"), expected_login_error_message=expected_login_error_message) def test_02_SystemlevelRobotAccount(self): """ Test case: Robot Account Test step and expected result: 1. Define a number of access lists; 2. Create the same number of private projects; 3. Create a system robot account has permission for those projects; 4. Verify the system robot account has the corresponding rights; 5. Disable the system robot account; 6. Verify the system robot account has no the corresponding rights; 7. Enable the system robot account; 8. Verify the system robot account has the corresponding rights; 9. Refresh secret for the system robot account; 10. Verify the system robot account has no the corresponding right with the old secret already; 11. Verify the system robot account still has the corresponding right with the new secret; 12. List system robot account, then add a new project to the system robot account project permission list; 13. Delete this project; 14. List system robot account successfully; 15. Delete the system robot account; 16. Verify the system robot account has no the corresponding right; 17. Add a system robot account with all project coverd; 18. Verify the system robot account has no the corresponding right; """ #1. Define a number of access lists; CHART_FILE_LIST = [ dict(name='prometheus', version='7.0.2'), dict(name='harbor', version='0.2.0') ] for i in range(2): base.run_command([ "curl", r"-o", "./tests/apitests/python/{}-{}.tgz".format( CHART_FILE_LIST[i]["name"], CHART_FILE_LIST[i]["version"]), "https://storage.googleapis.com/harbor-builds/helm-chart-test-files/{}-{}.tgz" .format(CHART_FILE_LIST[i]["name"], CHART_FILE_LIST[i]["version"]) ]) #Make sure that whether 'True' or 'False' must be included in each line or row. check_list = [ [True, True, True, True, True, True, False, True, False, True], [False, False, False, False, True, True, False, True, True, False], [True, False, True, False, True, False, True, False, True, True], [False, False, False, True, False, True, False, True, True, False] ] access_list_list = [] for i in range(len(check_list)): access_list_list.append( self.robot.create_access_list(check_list[i])) #2. Create the same number of private projects; robot_account_Permissions_list = [] project_access_list = [] for i in range(len(check_list)): with created_user(TestRobotAccount.user_ra_password, _teardown=False) as (user_id, username): with created_project(metadata={"public": "false"}, user_id=user_id, _teardown=False) as (project_id, project_name): project_access_list.append( dict(project_name=project_name, project_id=project_id, check_list=check_list[i])) robot_account_Permissions = v2_swagger_client.Permission( kind="project", namespace=project_name, access=access_list_list[i]) robot_account_Permissions_list.append( robot_account_Permissions) #3. Create a system robot account has permission for those projects; system_robot_account_id, system_robot_account = self.robot.create_system_robot( robot_account_Permissions_list, 300) print("system_robot_account:", system_robot_account) SYSTEM_RA_CLIENT = dict(endpoint=TestRobotAccount.url, username=system_robot_account.name, password=system_robot_account.secret) SYSTEM_RA_CHART_CLIENT = dict(endpoint=CHART_API_CLIENT["endpoint"], username=SYSTEM_RA_CLIENT["username"], password=SYSTEM_RA_CLIENT["password"]) #4. Verify the system robot account has the corresponding rights; for project_access in project_access_list: print(r"project_access:", project_access) if project_access["check_list"][1]: #---repository:push--- repo = push_self_build_image_to_project( project_access["project_name"], harbor_server, SYSTEM_RA_CLIENT["username"], SYSTEM_RA_CLIENT["password"], "test_pushable", "v6.8.1") else: push_self_build_image_to_project( project_access["project_name"], harbor_server, SYSTEM_RA_CLIENT["username"], SYSTEM_RA_CLIENT["password"], "test_unpushable", "v6.8.1", expected_error_message="unauthorized to access repository") tag_for_del = "v1.0.0" repo_name, tag = push_self_build_image_to_project( project_access["project_name"], harbor_server, ADMIN_CLIENT["username"], ADMIN_CLIENT["password"], "test_del_artifact", tag_for_del) if project_access["check_list"][0]: #---repository:pull--- pull_harbor_image(harbor_server, SYSTEM_RA_CLIENT["username"], SYSTEM_RA_CLIENT["password"], repo_name, tag_for_del) else: pull_harbor_image( harbor_server, SYSTEM_RA_CLIENT["username"], SYSTEM_RA_CLIENT["password"], repo_name, tag_for_del, expected_error_message= "action: pull: unauthorized to access repository") if project_access["check_list"][2]: #---artifact:delete--- self.artifact.delete_artifact(project_access["project_name"], repo_name.split('/')[1], tag_for_del, **SYSTEM_RA_CLIENT) else: self.artifact.delete_artifact(project_access["project_name"], repo_name.split('/')[1], tag_for_del, expect_status_code=403, **SYSTEM_RA_CLIENT) #Prepare for chart read and delete self.chart.upload_chart( project_access["project_name"], r'./tests/apitests/python/{}-{}.tgz'.format( CHART_FILE_LIST[1]["name"], CHART_FILE_LIST[1]["version"]), **CHART_API_CLIENT) if project_access["check_list"][3]: #---helm-chart:read--- library.helm.helm2_fetch_chart_file( "chart_repo_" + base._random_name("repo"), harbor_url, project_access["project_name"], SYSTEM_RA_CLIENT["username"], SYSTEM_RA_CLIENT["password"], CHART_FILE_LIST[1]["name"]) else: library.helm.helm2_fetch_chart_file( "chart_repo_" + base._random_name("repo"), harbor_url, project_access["project_name"], SYSTEM_RA_CLIENT["username"], SYSTEM_RA_CLIENT["password"], CHART_FILE_LIST[1]["name"], expected_add_repo_error_message="403 Forbidden") if project_access["check_list"][ 4]: #---helm-chart-version:create--- self.chart.upload_chart( project_access["project_name"], r'./tests/apitests/python/{}-{}.tgz'.format( CHART_FILE_LIST[0]["name"], CHART_FILE_LIST[0]["version"]), **SYSTEM_RA_CHART_CLIENT) else: self.chart.upload_chart( project_access["project_name"], r'./tests/apitests/python/{}-{}.tgz'.format( CHART_FILE_LIST[0]["name"], CHART_FILE_LIST[0]["version"]), expect_status_code=403, **SYSTEM_RA_CHART_CLIENT) if project_access["check_list"][ 5]: #---helm-chart-version:delete--- self.chart.delete_chart_with_version( project_access["project_name"], CHART_FILE_LIST[1]["name"], CHART_FILE_LIST[1]["version"], **SYSTEM_RA_CHART_CLIENT) else: self.chart.delete_chart_with_version( project_access["project_name"], CHART_FILE_LIST[1]["name"], CHART_FILE_LIST[1]["version"], expect_status_code=403, **SYSTEM_RA_CHART_CLIENT) repo_name, tag = push_self_build_image_to_project( project_access["project_name"], harbor_server, ADMIN_CLIENT["username"], ADMIN_CLIENT["password"], "test_create_tag", "latest_1") self.artifact.create_tag(project_access["project_name"], repo_name.split('/')[1], tag, "for_delete", **ADMIN_CLIENT) if project_access["check_list"][6]: #---tag:create--- self.artifact.create_tag(project_access["project_name"], repo_name.split('/')[1], tag, "1.0", **SYSTEM_RA_CLIENT) else: self.artifact.create_tag(project_access["project_name"], repo_name.split('/')[1], tag, "1.0", expect_status_code=403, **SYSTEM_RA_CLIENT) if project_access["check_list"][7]: #---tag:delete--- self.artifact.delete_tag(project_access["project_name"], repo_name.split('/')[1], tag, "for_delete", **SYSTEM_RA_CLIENT) else: self.artifact.delete_tag(project_access["project_name"], repo_name.split('/')[1], tag, "for_delete", expect_status_code=403, **SYSTEM_RA_CLIENT) repo_name, tag = push_self_build_image_to_project( project_access["project_name"], harbor_server, ADMIN_CLIENT["username"], ADMIN_CLIENT["password"], "test_create_artifact_label", "latest_1") #Add project level label to artifact label_id, _ = self.label.create_label( project_id=project_access["project_id"], scope="p", **ADMIN_CLIENT) if project_access["check_list"][8]: #---artifact-label:create--- self.artifact.add_label_to_reference( project_access["project_name"], repo_name.split('/')[1], tag, int(label_id), **SYSTEM_RA_CLIENT) else: self.artifact.add_label_to_reference( project_access["project_name"], repo_name.split('/')[1], tag, int(label_id), expect_status_code=403, **SYSTEM_RA_CLIENT) if project_access["check_list"][9]: #---scan:create--- self.scan.scan_artifact(project_access["project_name"], repo_name.split('/')[1], tag, **SYSTEM_RA_CLIENT) else: self.scan.scan_artifact(project_access["project_name"], repo_name.split('/')[1], tag, expect_status_code=403, **SYSTEM_RA_CLIENT) #5. Disable the system robot account; self.robot.update_system_robot_account(system_robot_account_id, system_robot_account.name, robot_account_Permissions_list, disable=True, **ADMIN_CLIENT) #6. Verify the system robot account has no the corresponding rights; self.verify_repository_unpushable(project_access_list, SYSTEM_RA_CLIENT) #7. Enable the system robot account; self.robot.update_system_robot_account(system_robot_account_id, system_robot_account.name, robot_account_Permissions_list, disable=False, **ADMIN_CLIENT) #8. Verify the system robot account has the corresponding rights; self.verify_repository_pushable(project_access_list, SYSTEM_RA_CLIENT) #9. Refresh secret for the system robot account; new_secret = "new_secret_At_321" self.robot.refresh_robot_account_secret(system_robot_account_id, new_secret, **ADMIN_CLIENT) #10. Verify the system robot account has no the corresponding right with the old secret already; self.verify_repository_unpushable(project_access_list, SYSTEM_RA_CLIENT) #11. Verify the system robot account still has the corresponding right with the new secret; SYSTEM_RA_CLIENT["password"] = new_secret self.verify_repository_pushable(project_access_list, SYSTEM_RA_CLIENT) #12. List system robot account, then add a new project to the system robot account project permission list; self.robot.list_robot(**ADMIN_CLIENT) project_for_del_id, project_for_del_name = self.project.create_project( metadata={"public": "true"}, **ADMIN_CLIENT) robot_account_Permissions = v2_swagger_client.Permission( kind="project", namespace=project_for_del_name, access=access_list_list[0]) robot_account_Permissions_list.append(robot_account_Permissions) self.robot.update_system_robot_account(system_robot_account_id, system_robot_account.name, robot_account_Permissions_list, **ADMIN_CLIENT) self.robot.list_robot(**ADMIN_CLIENT) #13. Delete this project; self.project.delete_project(project_for_del_id, **ADMIN_CLIENT) #14. List system robot account successfully; self.robot.list_robot(**ADMIN_CLIENT) #15. Delete the system robot account; self.robot.delete_robot_account(system_robot_account_id, **ADMIN_CLIENT) #16. Verify the system robot account has no the corresponding right; self.verify_repository_unpushable(project_access_list, SYSTEM_RA_CLIENT) #17. Add a system robot account with all project coverd; all_true_access_list = self.robot.create_access_list([True] * 10) robot_account_Permissions_list = [] robot_account_Permissions = v2_swagger_client.Permission( kind="project", namespace="*", access=all_true_access_list) robot_account_Permissions_list.append(robot_account_Permissions) _, system_robot_account_cover_all = self.robot.create_system_robot( robot_account_Permissions_list, 300) #18. Verify the system robot account has no the corresponding right; print("system_robot_account_cover_all:", system_robot_account_cover_all) SYSTEM_RA_CLIENT_COVER_ALL = dict( endpoint=TestRobotAccount.url, username=system_robot_account_cover_all.name, password=system_robot_account_cover_all.secret) projects = self.project.get_projects(dict(), **ADMIN_CLIENT) print("All projects:", projects) project_access_list = [] for i in range(len(projects)): project_access_list.append( dict(project_name=projects[i].name, project_id=projects[i].project_id, check_list=all_true_access_list)) self.verify_repository_pushable(project_access_list, SYSTEM_RA_CLIENT_COVER_ALL)
def test_01_AddIndexByDockerManifest(self): """ Test case: Push Index By Docker Manifest Test step and expected result: 1. Create a new user(UA); 2. Create a new project(PA) by user(UA); 3. Create 2 new repositorys(RA,RB) in project(PA) by user(UA); 4. Push an index(IA) to Harbor by docker manifest CLI successfully; 5. Get Artifacts successfully; 6. Get index(IA) by reference successfully; 7. Verify harbor index is index(IA) pushed by docker manifest CLI; 8.1 Verify harbor index(IA) can be pulled by docker CLI successfully; 8.2 Verify harbor index(IA) can be pulled by docker CLI successfully; 9. Get addition successfully; 10. Unable to Delete artifact in manifest list; 11. Delete index successfully. Tear down: 1. Delete repository(RA,RB,IA) by user(UA); 2. Delete project(PA); 3. Delete user(UA). """ TestManifest.project = Project() TestManifest.user = User() TestManifest.artifact = Artifact() TestManifest.repo = Repository() TestManifest.scan = Scan() TestManifest.url = ADMIN_CLIENT["endpoint"] TestManifest.user_push_index_password = "******" TestManifest.index_name = "ci_test_index" TestManifest.index_tag = "test_tag" TestManifest.image_a = "alpine" TestManifest.image_b = "busybox" #1. Create a new user(UA); TestManifest.user_id, TestManifest.user_name = TestManifest.user.create_user( user_password=TestManifest.user_push_index_password, **ADMIN_CLIENT) TestManifest.USER_CLIENT = dict( endpoint=TestManifest.url, username=TestManifest.user_name, password=TestManifest.user_push_index_password, with_scan_overview=True) #2. Create a new project(PA) by user(UA); TestManifest.project_id, TestManifest.project_name = TestManifest.project.create_project( metadata={"public": "false"}, **TestManifest.USER_CLIENT) #3. Create 2 new repositorys(RA,RB) in project(PA) by user(UA); repo_name_a, tag_a = push_self_build_image_to_project( TestManifest.project_name, harbor_server, 'admin', 'Harbor12345', TestManifest.image_a, "latest") repo_name_b, tag_b = push_self_build_image_to_project( TestManifest.project_name, harbor_server, 'admin', 'Harbor12345', TestManifest.image_b, "latest") #4. Push an index(IA) to Harbor by docker manifest CLI successfully; manifests = [ harbor_server + "/" + repo_name_a + ":" + tag_a, harbor_server + "/" + repo_name_b + ":" + tag_b ] index = harbor_server + "/" + TestManifest.project_name + "/" + TestManifest.index_name + ":" + TestManifest.index_tag TestManifest.index_sha256_cli_ret, TestManifest.manifests_sha256_cli_ret = library.docker_api.docker_manifest_push_to_harbor( index, manifests, harbor_server, TestManifest.user_name, TestManifest.user_push_index_password) #5. Get Artifacts successfully; artifacts = TestManifest.artifact.list_artifacts( TestManifest.project_name, TestManifest.index_name, **TestManifest.USER_CLIENT) TestManifest.artifacts_ref_child_list = [ artifacts[0].references[1].child_digest, artifacts[0].references[0].child_digest ] self.assertEqual( TestManifest.artifacts_ref_child_list.count( TestManifest.manifests_sha256_cli_ret[0]), 1) self.assertEqual( TestManifest.artifacts_ref_child_list.count( TestManifest.manifests_sha256_cli_ret[1]), 1) #6. Get index(IA) by reference successfully; index_data = TestManifest.artifact.get_reference_info( TestManifest.project_name, TestManifest.index_name, TestManifest.index_tag, **TestManifest.USER_CLIENT) print("index_data:", index_data) manifests_sha256_harbor_ret = [ index_data.references[1].child_digest, index_data.references[0].child_digest ] #7. Verify harbor index is index(IA) pushed by docker manifest CLI; self.assertEqual(index_data.digest, TestManifest.index_sha256_cli_ret) self.assertEqual( manifests_sha256_harbor_ret.count( TestManifest.manifests_sha256_cli_ret[0]), 1) self.assertEqual( manifests_sha256_harbor_ret.count( TestManifest.manifests_sha256_cli_ret[1]), 1) #8.1 Verify harbor index(IA) can be pulled by docker CLI successfully; pull_harbor_image( harbor_server, TestManifest.user_name, TestManifest.user_push_index_password, TestManifest.project_name + "/" + TestManifest.index_name, TestManifest.index_tag) #8.2 Verify harbor index(IA) can be pulled by ctr successfully; oci_ref = harbor_server + "/" + TestManifest.project_name + "/" + TestManifest.index_name + ":" + TestManifest.index_tag library.containerd.ctr_images_pull( TestManifest.user_name, TestManifest.user_push_index_password, oci_ref) library.containerd.ctr_images_list(oci_ref=oci_ref) #9. Get addition successfully; addition_v = TestManifest.artifact.get_addition( TestManifest.project_name, TestManifest.index_name, TestManifest.index_tag, "vulnerabilities", **TestManifest.USER_CLIENT) self.assertEqual(addition_v[0], '{}') #This artifact has no build history addition_v = TestManifest.artifact.get_addition( TestManifest.project_name, TestManifest.index_name, TestManifest.manifests_sha256_cli_ret[0], "vulnerabilities", **TestManifest.USER_CLIENT) self.assertEqual(addition_v[0], '{}') addition_b = TestManifest.artifact.get_addition( TestManifest.project_name, TestManifest.index_name, TestManifest.manifests_sha256_cli_ret[0], "build_history", **TestManifest.USER_CLIENT) self.assertIn("ADD file:", addition_b[0]) image_data = TestManifest.artifact.get_reference_info( TestManifest.project_name, TestManifest.index_name, TestManifest.manifests_sha256_cli_ret[0], **TestManifest.USER_CLIENT) addition_v = TestManifest.artifact.get_addition( TestManifest.project_name, TestManifest.index_name, TestManifest.manifests_sha256_cli_ret[1], "vulnerabilities", **TestManifest.USER_CLIENT) self.assertEqual(addition_v[0], '{}') addition_b = TestManifest.artifact.get_addition( TestManifest.project_name, TestManifest.index_name, TestManifest.manifests_sha256_cli_ret[1], "build_history", **TestManifest.USER_CLIENT) self.assertIn("ADD file:", addition_b[0]) image_data = TestManifest.artifact.get_reference_info( TestManifest.project_name, TestManifest.index_name, TestManifest.manifests_sha256_cli_ret[0], **TestManifest.USER_CLIENT)
def test_01_PushBundleByCnab(self): """ Test case: Push Bundle By Cnab Test step and expected result: 1. Create a new user(UA); 2. Create a new project(PA) by user(UA); 3. Push bundle to harbor as repository(RA); 4. Get repository from Harbor successfully; 5. Verfiy bundle name; 6. Get artifact by sha256; 7. Verify artifact information. """ TestCNAB.project = Project() TestCNAB.user = User() TestCNAB.artifact = Artifact() TestCNAB.repo = Repository() TestCNAB.scan = Scan() TestCNAB.url = ADMIN_CLIENT["endpoint"] TestCNAB.user_push_cnab_password = "******" TestCNAB.cnab_repo_name = "test_cnab" TestCNAB.cnab_tag = "test_cnab_tag" TestCNAB.project_name = None TestCNAB.artifacts_config_ref_child_list = None TestCNAB.artifacts_ref_child_list = None #1. Create a new user(UA); TestCNAB.user_id, TestCNAB.user_name = TestCNAB.user.create_user( user_password=TestCNAB.user_push_cnab_password, **ADMIN_CLIENT) TestCNAB.USER_CLIENT = dict(endpoint=TestCNAB.url, username=TestCNAB.user_name, password=TestCNAB.user_push_cnab_password, with_scan_overview=True) #2. Create a new project(PA) by user(UA); TestCNAB.project_id, TestCNAB.project_name = TestCNAB.project.create_project( metadata={"public": "false"}, **TestCNAB.USER_CLIENT) #3. Push bundle to harbor as repository(RA); target = harbor_server + "/" + TestCNAB.project_name + "/" + TestCNAB.cnab_repo_name + ":" + TestCNAB.cnab_tag TestCNAB.reference_sha256 = library.cnab.push_cnab_bundle( harbor_server, TestCNAB.user_name, TestCNAB.user_push_cnab_password, "photon:latest", "kong:latest", target) #4. Get repository from Harbor successfully; TestCNAB.cnab_bundle_data = TestCNAB.repo.get_repository( TestCNAB.project_name, TestCNAB.cnab_repo_name, **TestCNAB.USER_CLIENT) print(TestCNAB.cnab_bundle_data) #4.1 Get refs of CNAB bundle; TestCNAB.artifacts = TestCNAB.artifact.list_artifacts( TestCNAB.project_name, TestCNAB.cnab_repo_name, **TestCNAB.USER_CLIENT) print("artifacts:", TestCNAB.artifacts) TestCNAB.artifacts_ref_child_list = [] TestCNAB.artifacts_config_ref_child_list = [] for ref in TestCNAB.artifacts[0].references: if ref.annotations["io.cnab.manifest.type"] != 'config': TestCNAB.artifacts_ref_child_list.append(ref.child_digest) else: TestCNAB.artifacts_config_ref_child_list.append( ref.child_digest) self.assertEqual(len(TestCNAB.artifacts_ref_child_list), 2, msg="Image artifact count should be 2.") self.assertEqual(len(TestCNAB.artifacts_config_ref_child_list), 1, msg="Bundle count should be 1.") print(TestCNAB.artifacts_ref_child_list) #4.2 Cnab bundle can be pulled by ctr successfully; # This step might not successful since ctr does't support cnab fully, it might be uncomment sometime in future. # Please keep them in comment! #library.containerd.ctr_images_pull(TestCNAB.user_name, TestCNAB.user_push_cnab_password, target) #library.containerd.ctr_images_list(oci_ref = target) #5. Verfiy bundle name; self.assertEqual(TestCNAB.cnab_bundle_data.name, TestCNAB.project_name + "/" + TestCNAB.cnab_repo_name) #6. Get artifact by sha256; artifact = TestCNAB.artifact.get_reference_info( TestCNAB.project_name, TestCNAB.cnab_repo_name, TestCNAB.reference_sha256, **TestCNAB.USER_CLIENT) #7. Verify artifact information; self.assertEqual(artifact.type, 'CNAB') self.assertEqual(artifact.digest, TestCNAB.reference_sha256)
def setUp(self): self.project = Project() self.user = User() self.artifact = Artifact(api_type='artifact') self.repo = Repository(api_type='repository') self.scan = Scan(api_type='scan')
class TestProjects(unittest.TestCase): @classmethod def setUp(self): self.project = Project() self.user = User() self.artifact = Artifact(api_type='artifact') self.repo = Repository(api_type='repository') self.scan = Scan(api_type='scan') @classmethod def tearDown(self): print "Case completed" @unittest.skipIf(TEARDOWN == False, "Test data won't be erased.") def test_ClearData(self): #1. Delete repository(RA) by user(UA); self.repo.delete_repoitory(TestProjects.project_scan_image_name, TestProjects.repo_name.split('/')[1], **TestProjects.USER_SCAN_IMAGE_CLIENT) #2. Delete project(PA); self.project.delete_project(TestProjects.project_scan_image_id, **TestProjects.USER_SCAN_IMAGE_CLIENT) #3. Delete user(UA); self.user.delete_user(TestProjects.user_scan_image_id, **ADMIN_CLIENT) def testScanImageArtifact(self): """ Test case: Scan An Image Artifact Test step and expected result: 1. Create a new user(UA); 2. Create a new private project(PA) by user(UA); 3. Add user(UA) as a member of project(PA) with project-admin role; 4. Get private project of user(UA), user(UA) can see only one private project which is project(PA); 5. Create a new repository(RA) and tag(TA) in project(PA) by user(UA); 6. Send scan image command and get tag(TA) information to check scan result, it should be finished; Tear down: 1. Delete repository(RA) by user(UA); 2. Delete project(PA); 3. Delete user(UA); """ url = ADMIN_CLIENT["endpoint"] user_001_password = "******" #1. Create user-001 TestProjects.user_scan_image_id, user_scan_image_name = self.user.create_user( user_password=user_001_password, **ADMIN_CLIENT) TestProjects.USER_SCAN_IMAGE_CLIENT = dict( endpoint=url, username=user_scan_image_name, password=user_001_password, with_scan_overview=True) #2. Create a new private project(PA) by user(UA); TestProjects.project_scan_image_id, TestProjects.project_scan_image_name = self.project.create_project( metadata={"public": "false"}, **ADMIN_CLIENT) #3. Add user(UA) as a member of project(PA) with project-admin role; self.project.add_project_members(TestProjects.project_scan_image_id, TestProjects.user_scan_image_id, **ADMIN_CLIENT) #4. Get private project of user(UA), user(UA) can see only one private project which is project(PA); self.project.projects_should_exist( dict(public=False), expected_count=1, expected_project_id=TestProjects.project_scan_image_id, **TestProjects.USER_SCAN_IMAGE_CLIENT) #Note: Please make sure that this Image has never been pulled before by any other cases, # so it is a not-scanned image right after repository creation. #image = "tomcat" image = "docker" src_tag = "1.13" #5. Create a new repository(RA) and tag(TA) in project(PA) by user(UA); TestProjects.repo_name, tag = push_image_to_project( TestProjects.project_scan_image_name, harbor_server, user_scan_image_name, user_001_password, image, src_tag) #6. Send scan image command and get tag(TA) information to check scan result, it should be finished; self.scan.scan_artifact(TestProjects.project_scan_image_name, TestProjects.repo_name.split('/')[1], tag, **TestProjects.USER_SCAN_IMAGE_CLIENT) #6. Send scan image command and get tag(TA) information to check scan result, it should be finished; self.artifact.check_image_scan_result( TestProjects.project_scan_image_name, image, tag, **TestProjects.USER_SCAN_IMAGE_CLIENT)