def create_system_robot(self, permission_list, duration, robot_name=None, robot_desc=None, expect_status_code=201, **kwargs): if robot_name is None: robot_name = base._random_name("robot") if robot_desc is None: robot_desc = base._random_name("robot_desc") robotAccountCreate = v2_swagger_client.RobotCreate( name=robot_name, description=robot_desc, duration=duration, level="system", disable=False, permissions=permission_list) print("robotAccountCreate:", robotAccountCreate) client = self._get_client(**kwargs) data = [] data, status_code, header = client.create_robot_with_http_info( robotAccountCreate) base._assert_status_code(expect_status_code, status_code) base._assert_status_code(201, status_code) return base._get_id_from_header(header), data
def create_user(self, name=None, email=None, user_password=None, realname=None, expect_status_code=201, **kwargs): if name is None: name = base._random_name("user") if realname is None: realname = base._random_name("realname") if email is None: email = '%s@%s.com' % (realname, "vmware") if user_password is None: user_password = "******" user_req = v2_swagger_client.UserCreationReq(username=name, email=email, password=user_password, realname=realname) try: _, status_code, header = self._get_client( **kwargs).create_user_with_http_info(user_req) except ApiException as e: base._assert_status_code(expect_status_code, e.status) else: base._assert_status_code(expect_status_code, status_code) return base._get_id_from_header(header), name
def create_user(self, name=None, email=None, user_password=None, realname=None, role_id=None, **kwargs): if name is None: name = base._random_name("user") if realname is None: realname = base._random_name("realname") if email is None: email = '%s@%s.com' % (realname, "vmware") if user_password is None: user_password = "******" if role_id is None: role_id = 0 client = self._get_client(**kwargs) user = swagger_client.User(username=name, email=email, password=user_password, realname=realname, role_id=role_id) _, status_code, header = client.users_post_with_http_info(user) base._assert_status_code(201, status_code) return base._get_id_from_header(header), name
def create_project_robot(self, project_name, expires_at, robot_name=None, robot_desc=None, has_pull_right=True, has_push_right=True, has_chart_read_right=True, has_chart_create_right=True, expect_status_code=201, **kwargs): if robot_name is None: robot_name = base._random_name("robot") if robot_desc is None: robot_desc = base._random_name("robot_desc") if has_pull_right is False and has_push_right is False: has_pull_right = True access_list = [] action_pull = "pull" action_push = "push" action_read = "read" action_create = "create" if has_pull_right is True: robotAccountAccess = v2_swagger_client.Access( resource="repository", action=action_pull) access_list.append(robotAccountAccess) if has_push_right is True: robotAccountAccess = v2_swagger_client.Access( resource="repository", action=action_push) access_list.append(robotAccountAccess) if has_chart_read_right is True: robotAccountAccess = v2_swagger_client.Access( resource="helm-chart", action=action_read) access_list.append(robotAccountAccess) if has_chart_create_right is True: robotAccountAccess = v2_swagger_client.Access( resource="helm-chart-version", action=action_create) access_list.append(robotAccountAccess) robotaccountPermissions = v2_swagger_client.Permission( kind="project", namespace=project_name, access=access_list) permission_list = [] permission_list.append(robotaccountPermissions) robotAccountCreate = v2_swagger_client.RobotCreate( name=robot_name, description=robot_desc, expires_at=expires_at, level="project", permissions=permission_list) client = self._get_client(**kwargs) data = [] data, status_code, header = client.create_robot_with_http_info( robotAccountCreate) base._assert_status_code(expect_status_code, status_code) base._assert_status_code(201, status_code) return base._get_id_from_header(header), data
def verify_repository_unpushable(self, project_access_list, system_ra_client, expected_login_error_message = "unauthorized: authentication required", expected_error_message = ""): for project_access in project_access_list: #---repository:push--- push_self_build_image_to_project( project_access["project_name"], harbor_server, system_ra_client["username"], system_ra_client["password"], "test_unpushable"+base._random_name("repo"), "v6.8.1"+base._random_name("tag"), expected_login_error_message = expected_login_error_message, expected_error_message = expected_error_message )
def add_project_robot_account(self, project_id, project_name, expires_at, robot_name=None, robot_desc=None, has_pull_right=True, has_push_right=True, has_chart_read_right=True, has_chart_create_right=True, expect_status_code=201, **kwargs): kwargs['api_type'] = 'products' if robot_name is None: robot_name = base._random_name("robot") if robot_desc is None: robot_desc = base._random_name("robot_desc") if has_pull_right is False and has_push_right is False: has_pull_right = True access_list = [] resource_by_project_id = "/project/" + str(project_id) + "/repository" resource_helm_by_project_id = "/project/" + str( project_id) + "/helm-chart" resource_helm_create_by_project_id = "/project/" + str( project_id) + "/helm-chart-version" action_pull = "pull" action_push = "push" action_read = "read" action_create = "create" if has_pull_right is True: robotAccountAccess = swagger_client.RobotAccountAccess( resource=resource_by_project_id, action=action_pull) access_list.append(robotAccountAccess) if has_push_right is True: robotAccountAccess = swagger_client.RobotAccountAccess( resource=resource_by_project_id, action=action_push) access_list.append(robotAccountAccess) if has_chart_read_right is True: robotAccountAccess = swagger_client.RobotAccountAccess( resource=resource_helm_by_project_id, action=action_read) access_list.append(robotAccountAccess) if has_chart_create_right is True: robotAccountAccess = swagger_client.RobotAccountAccess( resource=resource_helm_create_by_project_id, action=action_create) access_list.append(robotAccountAccess) robotAccountCreate = swagger_client.RobotAccountCreate( robot_name, robot_desc, expires_at, access_list) client = self._get_client(**kwargs) data = [] data, status_code, header = client.projects_project_id_robots_post_with_http_info( project_id, robotAccountCreate) base._assert_status_code(expect_status_code, status_code) base._assert_status_code(201, status_code) return base._get_id_from_header(header), data
def create_registry(self, url, registry_type="harbor", description="", credentialType="basic", access_key="admin", access_secret="Harbor12345", name=base._random_name("registry"), insecure=True, expect_status_code=201, **kwargs): client = self._get_client(**kwargs) registryCredential = v2_swagger_client.RegistryCredential( type=credentialType, access_key=access_key, access_secret=access_secret) registry = v2_swagger_client.Registry(name=name, url=url, description=description, type=registry_type, insecure=insecure, credential=registryCredential) print("registry:", registry) _, status_code, header = client.create_registry_with_http_info( registry) base._assert_status_code(expect_status_code, status_code) return base._get_id_from_header(header), _
def create_project(self, name=None, metadata=None, expect_status_code=201, expect_response_body=None, **kwargs): if name is None: name = base._random_name("project") if metadata is None: metadata = {} client = self._get_client(**kwargs) try: _, status_code, header = client.projects_post_with_http_info( swagger_client.ProjectReq(name, metadata)) except ApiException as e: if e.status == expect_status_code: if expect_response_body is not None and e.body.strip( ) != expect_response_body.strip(): raise Exception( r"Create project result body is not as expected {} actual status is {}." .format(expect_response_body.strip(), e.body.strip())) else: return e.reason, e.body else: raise Exception( r"Create project result is not as expected {} actual status is {}." .format(expect_status_code, e.status)) base._assert_status_code(expect_status_code, status_code) return base._get_id_from_header(header), name
def create_instance(self, name=None, description="It's a dragonfly instance", vendor="dragonfly", endpoint_url="http://20.32.244.16", auth_mode="NONE", enabled=True, insecure=True, expect_status_code=201, expect_response_body=None, **kwargs): if name is None: name = base._random_name("instance") client = self._get_client(**kwargs) instance = v2_swagger_client.Instance(name=name, description=description, vendor=vendor, endpoint=endpoint_url, auth_mode=auth_mode, enabled=enabled) print("instance:", instance) try: _, status_code, header = client.create_instance_with_http_info( instance) except ApiException as e: base._assert_status_code(expect_status_code, e.status) if expect_response_body is not None: base._assert_status_body(expect_response_body, e.body) return base._assert_status_code(expect_status_code, status_code) base._assert_status_code(201, status_code) return base._get_id_from_header(header), name
def create_label(self, name=None, desc="", color="", scope="g", project_id=0, expect_status_code=201, **kwargs): if name is None: name = base._random_name("label") label = swagger_client.Label(name=name, description=desc, color=color, scope=scope, project_id=project_id) client = self._get_client(**kwargs) try: _, status_code, header = client.labels_post_with_http_info(label) except ApiException as e: base._assert_status_code(expect_status_code, e.status) else: base._assert_status_code(expect_status_code, status_code) base._assert_status_code(201, status_code) return base._get_id_from_header(header), name
def create_project(self, name=None, registry_id=None, metadata=None, expect_status_code=201, expect_response_body=None, **kwargs): if name is None: name = base._random_name("project") if metadata is None: metadata = {} if registry_id is None: registry_id = registry_id project = v2_swagger_client.ProjectReq(project_name=name, registry_id=registry_id, metadata=metadata) try: _, status_code, header = self._get_client( **kwargs).create_project_with_http_info(project) except ApiException as e: base._assert_status_code(expect_status_code, e.status) if expect_response_body is not None: base._assert_status_body(expect_response_body, e.body) return base._assert_status_code(expect_status_code, status_code) base._assert_status_code(201, status_code) return base._get_id_from_header(header), name
def create_policy( self, project_name, project_id, provider_id, name=None, description="It's a dragonfly policy", filters=r'[{"type":"repository","value":"re*"},{"type":"tag","value":"v1.0*"}]', trigger=r'{"type":"manual","trigger_setting":{"cron":""}}', enabled=True, expect_status_code=201, expect_response_body=None, **kwargs): if name is None: name = base._random_name("policy") client = self._get_client(**kwargs) policy = v2_swagger_client.PreheatPolicy(name=name, project_id=project_id, provider_id=provider_id, description=description, filters=filters, trigger=trigger, enabled=enabled) print("policy:", policy) try: data, status_code, header = client.create_policy_with_http_info( project_name, policy) except ApiException as e: base._assert_status_code(expect_status_code, e.status) if expect_response_body is not None: base._assert_status_body(expect_response_body, e.body) return base._assert_status_code(expect_status_code, status_code) base._assert_status_code(201, status_code) return base._get_id_from_header(header), name
def create_project(self, name=None, metadata={}, **kwargs): if name is None: name = base._random_name("project") client = self._get_client(**kwargs) _, _, header = client.projects_post_with_http_info( swagger_client.ProjectReq(name, metadata)) return base._get_id_from_header(header), name
def docker_image_tag(self, image, harbor_registry, tag = None): _tag = base._random_name("tag") if tag is not None: _tag = tag try: self.DCLIENT.tag(image, harbor_registry, _tag, force=True) return harbor_registry, _tag except docker.errors.APIError, e: raise Exception(r" Docker tag image {} failed, error is [{}]".format (image, e.message))
def verify_repository_pushable(self, project_access_list, system_ra_client): for project_access in project_access_list: print(r"project_access:", project_access) if project_access["check_list"][1]: #---repository:push--- repo = push_self_build_image_to_project( project_access["project_name"], harbor_server, system_ra_client["username"], system_ra_client["password"], "test_pushable" + base._random_name("repo"), "v6.8.1" + base._random_name("tag")) else: push_self_build_image_to_project( project_access["project_name"], harbor_server, system_ra_client["username"], system_ra_client["password"], "test_unpushable" + base._random_name("repo"), "v6.8.1" + base._random_name("tag"), expected_error_message="unauthorized to access repository")
def docker_image_tag(self, image, harbor_registry, tag = None): _tag = base._random_name("tag") if tag is not None: _tag = tag ret = "" try: ret = self.DCLIENT.tag(image, harbor_registry, _tag, force=True) print("Docker image tag commond return:", ret) return harbor_registry, _tag except docker.errors.APIError as err: raise Exception(r" Docker tag image {} failed, error is [{}]".format (image, str(err)))
def create_project(self, name=None, metadata=None, **kwargs): if name is None: name = base._random_name("project") if metadata is None: metadata = {} client = self._get_client(**kwargs) _, status_code, header = client.projects_post_with_http_info( swagger_client.ProjectReq(name, metadata)) base._assert_status_code(201, status_code) project_id = base._get_id_from_header(header) return name, project_id
def create_user(self, name=None, email=None, password=None, realname=None, **kwargs): if name is None: name = base._random_name("user") if realname is None: realname = base._random_name("realname") if email is None: email = '%s@%s.com' % (realname, "vmware") if password is None: password = "******" client = self._get_client(**kwargs) user = swagger_client.User(None, name, email, password, realname, None, None, None, None, None, None, None, None, None) print user _, _, header = client.users_post_with_http_info(user) return base._get_id_from_header(header), name
def create_webhook(self, project_id, targets, event_types=[ "DELETE_ARTIFACT", "PULL_ARTIFACT", "PUSH_ARTIFACT", "DELETE_CHART", "DOWNLOAD_CHART", "UPLOAD_CHART", "QUOTA_EXCEED", "QUOTA_WARNING", "SCANNING_FAILED", "TAG_RETENTION" ], name=None, desc=None, enabled=True, expect_status_code=201, expect_response_body=None, **kwargs): if name is None: name = base._random_name("webhook") + (str(project_id)) if desc is None: desc = base._random_name("webhook desc") + (str(project_id)) policy = v2_swagger_client.WebhookPolicy(name=name, description=desc, project_id=project_id, targets=targets, event_types=event_types, enabled=enabled) try: _, status_code, header = self._get_client( **kwargs).create_webhook_policy_of_project_with_http_info( project_id, policy) except ApiException as e: base._assert_status_code(expect_status_code, e.status) if expect_response_body is not None: base._assert_status_body(expect_response_body, e.body) return base._assert_status_code(expect_status_code, status_code) base._assert_status_code(201, status_code) return base._get_id_from_header(header), name
def docker_image_pull(self, image, tag=None): _tag = "latest" if tag is not None: _tag = tag try: tag = base._random_name("tag") pull_ret = base._get_string_from_unicode( self.DCLIENT.pull('{}:{}'.format(image, _tag))) print "pull_ret:", pull_ret except docker.errors.APIError, e: raise Exception( r" Docker pull image {} failed, error is [{}]".format( image, e.message))
def create_replication_policy(self, dest_registry=None, src_registry=None, name=None, description="", dest_namespace = "", filters=None, trigger=v2_swagger_client.ReplicationTrigger(type="manual",trigger_settings=v2_swagger_client.ReplicationTriggerSettings(cron="")), deletion=False, override=True, enabled=True, expect_status_code = 201, **kwargs): if name is None: name = base._random_name("rule") if filters is None: filters = [] policy = v2_swagger_client.ReplicationPolicy(name=name, description=description,dest_namespace=dest_namespace, dest_registry=dest_registry, src_registry=src_registry,filters=filters, trigger=trigger, deletion=deletion, override=override, enabled=enabled) _, status_code, header = self._get_client(**kwargs).create_replication_policy_with_http_info(policy) base._assert_status_code(expect_status_code, status_code) return base._get_id_from_header(header), name
def create_registry(self, endpoint, name=base._random_name("registry"), username="", password="", insecure=True, **kwargs): client = self._get_client(**kwargs) registry = swagger_client.RepTargetPost(name=name, endpoint=endpoint, username=username, password=password, insecure=insecure) _, _, header = client.targets_post_with_http_info(registry) return base._get_id_from_header(header), name
def create_label(self, name=base._random_name("label"), desc="", color="", scope="g", project_id=0, **kwargs): label = swagger_client.Label(name=name, description=desc, color=color, scope=scope, project_id=project_id) client = self._get_client(**kwargs) _, _, header = client.labels_post_with_http_info(label) return base._get_id_from_header(header), name
def create_replication_rule(self, projectIDList, targetIDList, name=base._random_name("rule"), desc="", filters=[], trigger=swagger_client.RepTrigger(kind="Manual"), replicate_deletion=True, replicate_existing_image_now=False, **kwargs): projects = [] for projectID in projectIDList: projects.append(swagger_client.Project(project_id=int(projectID))) targets = [] for targetID in targetIDList: targets.append(swagger_client.RepTarget(id=int(targetID))) for filter in filters: filter["value"] = int(filter["value"]) client = self._get_client(**kwargs) policy = swagger_client.RepPolicy(name=name, description=desc, projects=projects, targets=targets, filters=filters, trigger=trigger, replicate_deletion=replicate_deletion, replicate_existing_image_now=replicate_existing_image_now) _, _, header = client.policies_replication_post_with_http_info(policy) return base._get_id_from_header(header), name
def create_target(self, endpoint_target = None, username_target = "target_user", password_target = "Aa123456", name_target=base._random_name("target"), target_type=0, insecure_target=True, expect_status_code = 201, **kwargs): if endpoint_target is None: endpoint_target = r"https://{}.{}.{}.{}".format(int(round(time.time() * 1000)) % 100, int(round(time.time() * 1000)) % 200, int(round(time.time() * 1000)) % 100, int(round(time.time() * 1000)) % 254) client = self._get_client(**kwargs) policy = swagger_client.RepTarget(name=name_target, endpoint=endpoint_target, username=username_target, password=password_target, type=target_type, insecure=insecure_target) _, status_code, header = client.targets_post_with_http_info(policy) base._assert_status_code(expect_status_code, status_code) return base._get_id_from_header(header), name_target
def test_02_SystemlevelRobotAccount(self): """ Test case: Robot Account Test step and expected result: 1. Define a number of access lists; 2. Create the same number of private projects; 3. Create a system robot account has permission for those projects; 4. Verify the system robot account has the corresponding rights; 5. Disable the system robot account; 6. Verify the system robot account has no the corresponding rights; 7. Enable the system robot account; 8. Verify the system robot account has the corresponding rights; 9. Refresh secret for the system robot account; 10. Verify the system robot account has no the corresponding right with the old secret already; 11. Verify the system robot account still has the corresponding right with the new secret; 12. List system robot account, then add a new project to the system robot account project permission list; 13. Delete this project; 14. List system robot account successfully; 15. Delete the system robot account; 16. Verify the system robot account has no the corresponding right; 17. Add a system robot account with all project coverd; 18. Verify the system robot account has no the corresponding right; """ #1. Define a number of access lists; CHART_FILE_LIST = [ dict(name='prometheus', version='7.0.2'), dict(name='harbor', version='0.2.0') ] for i in range(2): base.run_command([ "curl", r"-o", "./tests/apitests/python/{}-{}.tgz".format( CHART_FILE_LIST[i]["name"], CHART_FILE_LIST[i]["version"]), "https://storage.googleapis.com/harbor-builds/helm-chart-test-files/{}-{}.tgz" .format(CHART_FILE_LIST[i]["name"], CHART_FILE_LIST[i]["version"]) ]) #Make sure that whether 'True' or 'False' must be included in each line or row. check_list = [ [True, True, True, True, True, True, False, True, False, True], [False, False, False, False, True, True, False, True, True, False], [True, False, True, False, True, False, True, False, True, True], [False, False, False, True, False, True, False, True, True, False] ] access_list_list = [] for i in range(len(check_list)): access_list_list.append( self.robot.create_access_list(check_list[i])) #2. Create the same number of private projects; robot_account_Permissions_list = [] project_access_list = [] for i in range(len(check_list)): with created_user(TestRobotAccount.user_ra_password, _teardown=False) as (user_id, username): with created_project(metadata={"public": "false"}, user_id=user_id, _teardown=False) as (project_id, project_name): project_access_list.append( dict(project_name=project_name, project_id=project_id, check_list=check_list[i])) robot_account_Permissions = v2_swagger_client.Permission( kind="project", namespace=project_name, access=access_list_list[i]) robot_account_Permissions_list.append( robot_account_Permissions) #3. Create a system robot account has permission for those projects; system_robot_account_id, system_robot_account = self.robot.create_system_robot( robot_account_Permissions_list, 300) print("system_robot_account:", system_robot_account) SYSTEM_RA_CLIENT = dict(endpoint=TestRobotAccount.url, username=system_robot_account.name, password=system_robot_account.secret) SYSTEM_RA_CHART_CLIENT = dict(endpoint=CHART_API_CLIENT["endpoint"], username=SYSTEM_RA_CLIENT["username"], password=SYSTEM_RA_CLIENT["password"]) #4. Verify the system robot account has the corresponding rights; for project_access in project_access_list: print(r"project_access:", project_access) if project_access["check_list"][1]: #---repository:push--- repo = push_self_build_image_to_project( project_access["project_name"], harbor_server, SYSTEM_RA_CLIENT["username"], SYSTEM_RA_CLIENT["password"], "test_pushable", "v6.8.1") else: push_self_build_image_to_project( project_access["project_name"], harbor_server, SYSTEM_RA_CLIENT["username"], SYSTEM_RA_CLIENT["password"], "test_unpushable", "v6.8.1", expected_error_message="unauthorized to access repository") tag_for_del = "v1.0.0" repo_name, tag = push_self_build_image_to_project( project_access["project_name"], harbor_server, ADMIN_CLIENT["username"], ADMIN_CLIENT["password"], "test_del_artifact", tag_for_del) if project_access["check_list"][0]: #---repository:pull--- pull_harbor_image(harbor_server, SYSTEM_RA_CLIENT["username"], SYSTEM_RA_CLIENT["password"], repo_name, tag_for_del) else: pull_harbor_image( harbor_server, SYSTEM_RA_CLIENT["username"], SYSTEM_RA_CLIENT["password"], repo_name, tag_for_del, expected_error_message= "action: pull: unauthorized to access repository") if project_access["check_list"][2]: #---artifact:delete--- self.artifact.delete_artifact(project_access["project_name"], repo_name.split('/')[1], tag_for_del, **SYSTEM_RA_CLIENT) else: self.artifact.delete_artifact(project_access["project_name"], repo_name.split('/')[1], tag_for_del, expect_status_code=403, **SYSTEM_RA_CLIENT) #Prepare for chart read and delete self.chart.upload_chart( project_access["project_name"], r'./tests/apitests/python/{}-{}.tgz'.format( CHART_FILE_LIST[1]["name"], CHART_FILE_LIST[1]["version"]), **CHART_API_CLIENT) if project_access["check_list"][3]: #---helm-chart:read--- library.helm.helm2_fetch_chart_file( "chart_repo_" + base._random_name("repo"), harbor_url, project_access["project_name"], SYSTEM_RA_CLIENT["username"], SYSTEM_RA_CLIENT["password"], CHART_FILE_LIST[1]["name"]) else: library.helm.helm2_fetch_chart_file( "chart_repo_" + base._random_name("repo"), harbor_url, project_access["project_name"], SYSTEM_RA_CLIENT["username"], SYSTEM_RA_CLIENT["password"], CHART_FILE_LIST[1]["name"], expected_add_repo_error_message="403 Forbidden") if project_access["check_list"][ 4]: #---helm-chart-version:create--- self.chart.upload_chart( project_access["project_name"], r'./tests/apitests/python/{}-{}.tgz'.format( CHART_FILE_LIST[0]["name"], CHART_FILE_LIST[0]["version"]), **SYSTEM_RA_CHART_CLIENT) else: self.chart.upload_chart( project_access["project_name"], r'./tests/apitests/python/{}-{}.tgz'.format( CHART_FILE_LIST[0]["name"], CHART_FILE_LIST[0]["version"]), expect_status_code=403, **SYSTEM_RA_CHART_CLIENT) if project_access["check_list"][ 5]: #---helm-chart-version:delete--- self.chart.delete_chart_with_version( project_access["project_name"], CHART_FILE_LIST[1]["name"], CHART_FILE_LIST[1]["version"], **SYSTEM_RA_CHART_CLIENT) else: self.chart.delete_chart_with_version( project_access["project_name"], CHART_FILE_LIST[1]["name"], CHART_FILE_LIST[1]["version"], expect_status_code=403, **SYSTEM_RA_CHART_CLIENT) repo_name, tag = push_self_build_image_to_project( project_access["project_name"], harbor_server, ADMIN_CLIENT["username"], ADMIN_CLIENT["password"], "test_create_tag", "latest_1") self.artifact.create_tag(project_access["project_name"], repo_name.split('/')[1], tag, "for_delete", **ADMIN_CLIENT) if project_access["check_list"][6]: #---tag:create--- self.artifact.create_tag(project_access["project_name"], repo_name.split('/')[1], tag, "1.0", **SYSTEM_RA_CLIENT) else: self.artifact.create_tag(project_access["project_name"], repo_name.split('/')[1], tag, "1.0", expect_status_code=403, **SYSTEM_RA_CLIENT) if project_access["check_list"][7]: #---tag:delete--- self.artifact.delete_tag(project_access["project_name"], repo_name.split('/')[1], tag, "for_delete", **SYSTEM_RA_CLIENT) else: self.artifact.delete_tag(project_access["project_name"], repo_name.split('/')[1], tag, "for_delete", expect_status_code=403, **SYSTEM_RA_CLIENT) repo_name, tag = push_self_build_image_to_project( project_access["project_name"], harbor_server, ADMIN_CLIENT["username"], ADMIN_CLIENT["password"], "test_create_artifact_label", "latest_1") #Add project level label to artifact label_id, _ = self.label.create_label( project_id=project_access["project_id"], scope="p", **ADMIN_CLIENT) if project_access["check_list"][8]: #---artifact-label:create--- self.artifact.add_label_to_reference( project_access["project_name"], repo_name.split('/')[1], tag, int(label_id), **SYSTEM_RA_CLIENT) else: self.artifact.add_label_to_reference( project_access["project_name"], repo_name.split('/')[1], tag, int(label_id), expect_status_code=403, **SYSTEM_RA_CLIENT) if project_access["check_list"][9]: #---scan:create--- self.scan.scan_artifact(project_access["project_name"], repo_name.split('/')[1], tag, **SYSTEM_RA_CLIENT) else: self.scan.scan_artifact(project_access["project_name"], repo_name.split('/')[1], tag, expect_status_code=403, **SYSTEM_RA_CLIENT) #5. Disable the system robot account; self.robot.update_system_robot_account(system_robot_account_id, system_robot_account.name, robot_account_Permissions_list, disable=True, **ADMIN_CLIENT) #6. Verify the system robot account has no the corresponding rights; self.verify_repository_unpushable(project_access_list, SYSTEM_RA_CLIENT) #7. Enable the system robot account; self.robot.update_system_robot_account(system_robot_account_id, system_robot_account.name, robot_account_Permissions_list, disable=False, **ADMIN_CLIENT) #8. Verify the system robot account has the corresponding rights; self.verify_repository_pushable(project_access_list, SYSTEM_RA_CLIENT) #9. Refresh secret for the system robot account; new_secret = "new_secret_At_321" self.robot.refresh_robot_account_secret(system_robot_account_id, new_secret, **ADMIN_CLIENT) #10. Verify the system robot account has no the corresponding right with the old secret already; self.verify_repository_unpushable(project_access_list, SYSTEM_RA_CLIENT) #11. Verify the system robot account still has the corresponding right with the new secret; SYSTEM_RA_CLIENT["password"] = new_secret self.verify_repository_pushable(project_access_list, SYSTEM_RA_CLIENT) #12. List system robot account, then add a new project to the system robot account project permission list; self.robot.list_robot(**ADMIN_CLIENT) project_for_del_id, project_for_del_name = self.project.create_project( metadata={"public": "true"}, **ADMIN_CLIENT) robot_account_Permissions = v2_swagger_client.Permission( kind="project", namespace=project_for_del_name, access=access_list_list[0]) robot_account_Permissions_list.append(robot_account_Permissions) self.robot.update_system_robot_account(system_robot_account_id, system_robot_account.name, robot_account_Permissions_list, **ADMIN_CLIENT) self.robot.list_robot(**ADMIN_CLIENT) #13. Delete this project; self.project.delete_project(project_for_del_id, **ADMIN_CLIENT) #14. List system robot account successfully; self.robot.list_robot(**ADMIN_CLIENT) #15. Delete the system robot account; self.robot.delete_robot_account(system_robot_account_id, **ADMIN_CLIENT) #16. Verify the system robot account has no the corresponding right; self.verify_repository_unpushable(project_access_list, SYSTEM_RA_CLIENT) #17. Add a system robot account with all project coverd; all_true_access_list = self.robot.create_access_list([True] * 10) robot_account_Permissions_list = [] robot_account_Permissions = v2_swagger_client.Permission( kind="project", namespace="*", access=all_true_access_list) robot_account_Permissions_list.append(robot_account_Permissions) _, system_robot_account_cover_all = self.robot.create_system_robot( robot_account_Permissions_list, 300) #18. Verify the system robot account has no the corresponding right; print("system_robot_account_cover_all:", system_robot_account_cover_all) SYSTEM_RA_CLIENT_COVER_ALL = dict( endpoint=TestRobotAccount.url, username=system_robot_account_cover_all.name, password=system_robot_account_cover_all.secret) projects = self.project.get_projects(dict(), **ADMIN_CLIENT) print("All projects:", projects) project_access_list = [] for i in range(len(projects)): project_access_list.append( dict(project_name=projects[i].name, project_id=projects[i].project_id, check_list=all_true_access_list)) self.verify_repository_pushable(project_access_list, SYSTEM_RA_CLIENT_COVER_ALL)