class TestProjects(unittest.TestCase): @classmethod def setUpClass(self): self.project= Project() self.user= User() self.artifact = Artifact() self.repo= Repository() self.url = ADMIN_CLIENT["endpoint"] self.user_push_chart_password = "******" self.chart_file = "https://storage.googleapis.com/harbor-builds/helm-chart-test-files/harbor-0.2.0.tgz" self.archive = "harbor/" self.verion = "0.2.0" self.repo_name = "harbor_api_test" @classmethod def tearDownClass(self): print "Case completed" @unittest.skipIf(TEARDOWN == False, "Test data won't be erased.") def test_ClearData(self): #1. Delete repository chart(CA) by user(UA); self.repo.delete_repoitory(TestProjects.project_push_chart_name, self.repo_name, **TestProjects.USER_CLIENT) #2. Delete project(PA); self.project.delete_project(TestProjects.project_push_chart_id, **TestProjects.USER_CLIENT) #3. Delete user(UA). self.user.delete_user(TestProjects.user_id, **ADMIN_CLIENT) def testPushChartByHelmChartCLI(self): """ Test case: Push Chart File By Helm Chart CLI Test step and expected result: 1. Create a new user(UA); 2. Create a new project(PA) by user(UA); 3. Push an chart(CA) to Harbor by helm3 registry/chart CLI successfully; 4. List artifacts successfully; 5. Get chart(CA) by reference successfully; 6. Get addtion successfully; 7. Delete chart by reference successfully. Tear down: 1. Delete repository chart(CA) by user(UA); 2. Delete project(PA); 3. Delete user(UA). """ #1. Create a new user(UA); TestProjects.user_id, user_name = self.user.create_user(user_password = self.user_push_chart_password, **ADMIN_CLIENT) TestProjects.USER_CLIENT=dict(endpoint = self.url, username = user_name, password = self.user_push_chart_password) #2. Create a new project(PA) by user(UA); TestProjects.project_push_chart_id, TestProjects.project_push_chart_name = self.project.create_project(metadata = {"public": "false"}, **TestProjects.USER_CLIENT) #3. Push an chart(CA) to Harbor by helm3 registry/chart CLI successfully; chart_cli_ret = library.helm.helm_chart_push_to_harbor(self.chart_file, self.archive, harbor_server, TestProjects.project_push_chart_name, self.repo_name, self.verion, user_name, self.user_push_chart_password) print "chart_cli_ret:", chart_cli_ret #4. List artifacts successfully; artifacts = self.artifact.list_artifacts(TestProjects.project_push_chart_name, self.repo_name, **TestProjects.USER_CLIENT) self.assertEqual(artifacts[0].type, 'CHART') self.assertEqual(artifacts[0].tags[0].name, self.verion) #5. Get chart(CA) by reference successfully; artifact = self.artifact.get_reference_info(TestProjects.project_push_chart_name, self.repo_name, self.verion, **TestProjects.USER_CLIENT) self.assertEqual(artifact[0].type, 'CHART') self.assertEqual(artifact[0].tags[0].name, self.verion) #6. Get addtion successfully; addition_r = self.artifact.get_addition(TestProjects.project_push_chart_name, self.repo_name, self.verion, "readme.md", **TestProjects.USER_CLIENT) self.assertIn("Helm Chart for Harbor", addition_r[0]) addition_d = self.artifact.get_addition(TestProjects.project_push_chart_name, self.repo_name, self.verion, "dependencies", **TestProjects.USER_CLIENT) self.assertIn("https://kubernetes-charts.storage.googleapis.com", addition_d[0]) addition_v = self.artifact.get_addition(TestProjects.project_push_chart_name, self.repo_name, self.verion, "values.yaml", **TestProjects.USER_CLIENT) self.assertIn("adminserver", addition_v[0]) #7. Delete chart by reference successfully. self.artifact.delete_artifact(TestProjects.project_push_chart_name, self.repo_name, self.verion, **TestProjects.USER_CLIENT)
class TestProjects(unittest.TestCase): """ Test case: Tag Retention Setup: Create Project test-retention Push image test1:1.0, test1:2.0, test1:3.0,latest, test2:1.0, test2:latest, test3:1.0, test4:1.0 Test Steps: 1. Create Retention Policy 2. Add rule "For the repositories matching **, retain always with tags matching latest*" 3. Add rule "For the repositories matching test3*, retain always with tags matching **" 4. Dry run, check execution and tasks 5. Real run, check images retained Tear Down: 1. Delete project test-retention """ @suppress_urllib3_warning def setUp(self): self.user = User() self.system = System() self.repo = Repository() self.project = Project() self.retention = Retention() self.artifact = Artifact() self.repo_name_1 = "test1" self.repo_name_2 = "test2" @unittest.skipIf(TEARDOWN == False, "Test data won't be erased.") def tearDown(self): #TODO delete_repository will fail when no tags left anymore resp = self.repo.list_repositories(TestProjects.project_src_repo_name, **TestProjects.USER_RA_CLIENT) for repo in resp: self.repo.delete_repository(TestProjects.project_src_repo_name, repo.name.split('/')[1], **TestProjects.USER_RA_CLIENT) self.project.delete_project(TestProjects.project_src_repo_id, **TestProjects.USER_RA_CLIENT) self.user.delete_user(TestProjects.user_ra_id, **ADMIN_CLIENT) print("Case completed") def testTagRetention(self): user_ra_password = "******" user_ra_id, user_ra_name = self.user.create_user( user_password=user_ra_password, **ADMIN_CLIENT) print("Created user: %s, id: %s" % (user_ra_name, user_ra_id)) TestProjects.USER_RA_CLIENT = dict(endpoint=ADMIN_CLIENT["endpoint"], username=user_ra_name, password=user_ra_password) TestProjects.user_ra_id = int(user_ra_id) TestProjects.project_src_repo_id, TestProjects.project_src_repo_name = self.project.create_project( metadata={"public": "false"}, **TestProjects.USER_RA_CLIENT) # Push image test1:1.0, test1:2.0, test1:3.0,latest, test2:1.0, test2:latest, test3:1.0 push_special_image_to_project(TestProjects.project_src_repo_name, harbor_server, user_ra_name, user_ra_password, self.repo_name_1, ['1.0']) push_special_image_to_project(TestProjects.project_src_repo_name, harbor_server, user_ra_name, user_ra_password, self.repo_name_1, ['2.0']) push_special_image_to_project(TestProjects.project_src_repo_name, harbor_server, user_ra_name, user_ra_password, self.repo_name_1, ['3.0', 'latest']) push_special_image_to_project(TestProjects.project_src_repo_name, harbor_server, user_ra_name, user_ra_password, self.repo_name_2, ['1.0']) push_special_image_to_project(TestProjects.project_src_repo_name, harbor_server, user_ra_name, user_ra_password, self.repo_name_2, ['latest']) push_special_image_to_project(TestProjects.project_src_repo_name, harbor_server, user_ra_name, user_ra_password, "test3", ['1.0']) push_special_image_to_project(TestProjects.project_src_repo_name, harbor_server, user_ra_name, user_ra_password, "test4", ['1.0']) tag_data_artifact3_image1 = self.artifact.get_reference_info( TestProjects.project_src_repo_name, self.repo_name_1, "3.0", **TestProjects.USER_RA_CLIENT) tag_data_artifact2_image2 = self.artifact.get_reference_info( TestProjects.project_src_repo_name, self.repo_name_2, "latest", **TestProjects.USER_RA_CLIENT) tags = list_image_tags( harbor_server, TestProjects.project_src_repo_name + "/" + self.repo_name_1, user_ra_name, user_ra_password) #Delete all 2 tags of "artifact3" in repostory "image1"; self.artifact.delete_tag(TestProjects.project_src_repo_name, self.repo_name_1, "3.0", "latest", **TestProjects.USER_RA_CLIENT) self.artifact.delete_tag(TestProjects.project_src_repo_name, self.repo_name_1, "3.0", "3.0", **TestProjects.USER_RA_CLIENT) tags = list_image_tags( harbor_server, TestProjects.project_src_repo_name + "/" + self.repo_name_1, user_ra_name, user_ra_password) resp = self.repo.list_repositories(TestProjects.project_src_repo_name, **TestProjects.USER_RA_CLIENT) self.assertEqual(len(resp), 4) # Create Retention Policy retention_id = self.retention.create_retention_policy( TestProjects.project_src_repo_id, selector_repository="**", selector_tag="latest*", expect_status_code=201, **TestProjects.USER_RA_CLIENT) # Add rule self.retention.update_retention_add_rule(retention_id, selector_repository="test3*", selector_tag="**", expect_status_code=200, **TestProjects.USER_RA_CLIENT) # Dry run self.retention.trigger_retention_policy(retention_id, dry_run=True, **TestProjects.USER_RA_CLIENT) time.sleep(10) resp = self.retention.get_retention_executions( retention_id, **TestProjects.USER_RA_CLIENT) self.assertTrue(len(resp) > 0) execution = resp[0] resp = self.retention.get_retention_exec_tasks( retention_id, execution.id, **TestProjects.USER_RA_CLIENT) self.assertEqual(len(resp), 4) resp = self.retention.get_retention_exec_task_log( retention_id, execution.id, resp[0].id, **TestProjects.USER_RA_CLIENT) #For Debug: print("Task 0 log begin:-----------------------------") i = 0 for line in resp.split("\n"): print("Line" + str(i) + ": " + line) i = i + 1 print("Task 0 log end:-----------------------------") # Real run self.retention.trigger_retention_policy(retention_id, dry_run=False, **TestProjects.USER_RA_CLIENT) time.sleep(10) resp = self.retention.get_retention_executions( retention_id, **TestProjects.USER_RA_CLIENT) self.assertTrue(len(resp) > 1) execution = resp[0] resp = self.retention.get_retention_exec_tasks( retention_id, execution.id, **TestProjects.USER_RA_CLIENT) self.assertEqual(len(resp), 4) resp = self.retention.get_retention_exec_task_log( retention_id, execution.id, resp[0].id, **TestProjects.USER_RA_CLIENT) print(resp) #List artifacts successfully, and untagged artifact in test1 should be the only one retained; artifacts_1 = self.artifact.list_artifacts( TestProjects.project_src_repo_name, self.repo_name_1, **TestProjects.USER_RA_CLIENT) self.assertTrue(len(artifacts_1) == 1) self.assertEqual(artifacts_1[0].digest, tag_data_artifact3_image1.digest) #List artifacts successfully, and artifact with latest tag in test2 should be the only one retained; artifacts_2 = self.artifact.list_artifacts( TestProjects.project_src_repo_name, self.repo_name_2, **TestProjects.USER_RA_CLIENT) self.assertTrue(len(artifacts_2) == 1) self.assertEqual(artifacts_2[0].digest, tag_data_artifact2_image2.digest)
class TestProjects(unittest.TestCase): @classmethod def setUp(self): self.system = System() self.project = Project() self.user = User() self.repo = Repository() self.artifact = Artifact() self.repo_name = "test_repo" self.repo_name_untag = "test_untag" self.tag = "v1.0" @classmethod def tearDown(self): print("Case completed") @unittest.skipIf(TEARDOWN == True, "Test data won't be erased.") def test_ClearData(self): #2. Delete project(PA); self.project.delete_project(TestProjects.project_gc_id, **TestProjects.USER_GC_CLIENT) #3. Delete user(UA); self.user.delete_user(TestProjects.user_gc_id, **ADMIN_CLIENT) def testGarbageCollection(self): """ Test case: Garbage Collection Test step and expected result: 1. Create a new user(UA); 2. Create project(PA) and project(PB) by user(UA); 3. Push a image in project(PA) and then delete repository by admin; 4. Get repository by user(UA), it should get nothing; 5. Tigger garbage collection operation; 6. Check garbage collection job was finished; 7. Get garbage collection log, check there is a number of files was deleted; 8. Push a image in project(PB) by admin and delete the only tag; 9. Tigger garbage collection operation; 10. Check garbage collection job was finished; 11. Repository with untag image should be still there; 12. But no any artifact in repository anymore. Tear down: 1. Delete project(PA); 2. Delete user(UA). """ url = ADMIN_CLIENT["endpoint"] admin_name = ADMIN_CLIENT["username"] admin_password = ADMIN_CLIENT["password"] user_gc_password = "******" #1. Create a new user(UA); TestProjects.user_gc_id, user_gc_name = self.user.create_user(user_password = user_gc_password, **ADMIN_CLIENT) TestProjects.USER_GC_CLIENT=dict(endpoint = url, username = user_gc_name, password = user_gc_password) #2. Create project(PA) and project(PB) by user(UA); TestProjects.project_gc_id, TestProjects.project_gc_name = self.project.create_project(metadata = {"public": "false"}, **TestProjects.USER_GC_CLIENT) TestProjects.project_gc_untag_id, TestProjects.project_gc_untag_name = self.project.create_project(metadata = {"public": "false"}, **TestProjects.USER_GC_CLIENT) #3. Push a image in project(PA) and then delete repository by admin; push_special_image_to_project(TestProjects.project_gc_name, harbor_server, admin_name, admin_password, self.repo_name, ["latest", "v1.2.3"]) self.repo.delete_repoitory(TestProjects.project_gc_name, self.repo_name, **TestProjects.USER_GC_CLIENT) #4. Get repository by user(UA), it should get nothing; repo_data = self.repo.list_repositories(TestProjects.project_gc_name, **TestProjects.USER_GC_CLIENT) _assert_status_code(len(repo_data), 0) #8. Push a image in project(PB) by admin and delete the only tag; push_special_image_to_project(TestProjects.project_gc_untag_name, harbor_server, admin_name, admin_password, self.repo_name_untag, [self.tag]) self.artifact.delete_tag(TestProjects.project_gc_untag_name, self.repo_name_untag, self.tag, self.tag, **ADMIN_CLIENT) #5. Tigger garbage collection operation; gc_id = self.system.gc_now(**ADMIN_CLIENT) #6. Check garbage collection job was finished; self.system.validate_gc_job_status(gc_id, "finished", **ADMIN_CLIENT) #7. Get garbage collection log, check there is a number of files was deleted; self.system.validate_deletion_success(gc_id, **ADMIN_CLIENT) artifacts = self.artifact.list_artifacts(TestProjects.project_gc_untag_name, self.repo_name_untag, **TestProjects.USER_GC_CLIENT) _assert_status_code(len(artifacts), 1) time.sleep(5) #9. Tigger garbage collection operation; gc_id = self.system.gc_now(is_delete_untagged=True, **ADMIN_CLIENT) #10. Check garbage collection job was finished; self.system.validate_gc_job_status(gc_id, "finished", **ADMIN_CLIENT) #7. Get garbage collection log, check there is a number of files was deleted; self.system.validate_deletion_success(gc_id, **ADMIN_CLIENT) #11. Repository with untag image should be still there; repo_data_untag = self.repo.list_repositories(TestProjects.project_gc_untag_name, **TestProjects.USER_GC_CLIENT) _assert_status_code(len(repo_data_untag), 1) self.assertEqual(TestProjects.project_gc_untag_name + "/" + self.repo_name_untag , repo_data_untag[0].name) #12. But no any artifact in repository anymore. artifacts = self.artifact.list_artifacts(TestProjects.project_gc_untag_name, self.repo_name_untag, **TestProjects.USER_GC_CLIENT) self.assertEqual(artifacts,[])
class TestAssignRoleToLdapGroup(unittest.TestCase): @classmethod def setUp(self): self.conf = Configurations() self.project = Project() self.artifact = Artifact() self.repo = Repository() self.scan = Scan() @classmethod def tearDown(self): print("Case completed") def TestAssignRoleToLdapGroup(self): """ Test case: Assign Role To Ldap Group Test step and expected result: 1. Set LDAP Auth configurations; 2. Create a new public project(PA) by Admin; 3. Add 3 member groups to project(PA); 4. Push image by each member role; 5. Verfify that admin_user and dev_user can push image, guest_user can not push image; 6. Verfify that admin_user, dev_user and guest_user can view logs, test user can not view logs. 7. Delete repository(RA) by user(UA); 8. Delete project(PA); """ url = ADMIN_CLIENT["endpoint"] USER_ADMIN = dict(endpoint=url, username="******", password="******", repo="hello-world") USER_DEV = dict(endpoint=url, username="******", password="******", repo="alpine") USER_GUEST = dict(endpoint=url, username="******", password="******", repo="busybox") USER_TEST = dict(endpoint=url, username="******", password="******") self.conf.set_configurations_of_ldap( ldap_filter="", ldap_group_attribute_name="cn", ldap_group_base_dn="ou=groups,dc=example,dc=com", ldap_group_search_filter="objectclass=groupOfNames", ldap_group_search_scope=2, **ADMIN_CLIENT) with created_project(metadata={"public": "false"}) as (project_id, project_name): self.project.add_project_members( project_id, member_role_id=1, _ldap_group_dn="cn=harbor_admin,ou=groups,dc=example,dc=com", **ADMIN_CLIENT) self.project.add_project_members( project_id, member_role_id=2, _ldap_group_dn="cn=harbor_dev,ou=groups,dc=example,dc=com", **ADMIN_CLIENT) self.project.add_project_members( project_id, member_role_id=3, _ldap_group_dn="cn=harbor_guest,ou=groups,dc=example,dc=com", **ADMIN_CLIENT) projects = self.project.get_projects(dict(name=project_name), **USER_ADMIN) self.assertTrue(len(projects) == 1) self.assertEqual(1, projects[0].current_user_role_id) repo_name_admin, _ = push_image_to_project( project_name, harbor_server, USER_ADMIN["username"], USER_ADMIN["password"], USER_ADMIN["repo"], "latest") artifacts = self.artifact.list_artifacts(project_name, USER_ADMIN["repo"], **USER_ADMIN) self.assertTrue(len(artifacts) == 1) repo_name_dev, _ = push_image_to_project( project_name, harbor_server, USER_DEV["username"], USER_DEV["password"], USER_DEV["repo"], "latest") artifacts = self.artifact.list_artifacts(project_name, USER_DEV["repo"], **USER_DEV) self.assertTrue(len(artifacts) == 1) push_image_to_project(project_name, harbor_server, USER_GUEST["username"], USER_GUEST["password"], USER_GUEST["repo"], "latest") artifacts = self.artifact.list_artifacts(project_name, USER_GUEST["repo"], **USER_GUEST) self.assertTrue(len(artifacts) == 0) self.assertTrue( self.project.query_user_logs(project_name, **USER_ADMIN) > 0, "admin user can see logs") self.assertTrue( self.project.query_user_logs(project_name, **USER_DEV) > 0, "dev user can see logs") self.assertTrue( self.project.query_user_logs(project_name, **USER_GUEST) > 0, "guest user can see logs") self.assertTrue( self.project.query_user_logs(project_name, status_code=403, **USER_TEST) == 0, "test user can not see any logs") self.repo.delete_repoitory(project_name, repo_name_admin.split('/')[1], **USER_ADMIN) self.repo.delete_repoitory(project_name, repo_name_dev.split('/')[1], **USER_ADMIN)
class TestProjects(unittest.TestCase): @classmethod def setUpClass(self): self.project = Project() self.user = User() self.artifact = Artifact() self.repo = Repository() self.url = ADMIN_CLIENT["endpoint"] self.user_push_index_password = "******" self.index_name = "ci_test_index" self.index_tag = "test_tag" self.image_a = "alpine" self.image_b = "busybox" @classmethod def tearDownClass(self): print("Case completed") @unittest.skipIf(TEARDOWN == False, "Test data won't be erased.") def test_ClearData(self): #1. Delete repository(RA,RB,IA) by user(UA); self.repo.delete_repoitory(TestProjects.project_push_index_name, self.index_name, **TestProjects.USER_CLIENT) self.repo.delete_repoitory(TestProjects.project_push_index_name, self.image_a, **TestProjects.USER_CLIENT) self.repo.delete_repoitory(TestProjects.project_push_index_name, self.image_b, **TestProjects.USER_CLIENT) #2. Delete project(PA); self.project.delete_project(TestProjects.project_push_index_id, **TestProjects.USER_CLIENT) #3. Delete user(UA). self.user.delete_user(TestProjects.user_id, **ADMIN_CLIENT) def testAddIndexByDockerManifest(self): """ Test case: Push Index By Docker Manifest Test step and expected result: 1. Create a new user(UA); 2. Create a new project(PA) by user(UA); 3. Create 2 new repositorys(RA,RB) in project(PA) by user(UA); 4. Push an index(IA) to Harbor by docker manifest CLI successfully; 5. Get Artifacts successfully; 6. Get index(IA) by reference successfully; 7. Verify harbor index is index(IA) pushed by docker manifest CLI; 8.1 Verify harbor index(IA) can be pulled by docker CLI successfully; 8.2 Verify harbor index(IA) can be pulled by docker CLI successfully; 9. Get addition successfully; 10. Unable to Delete artifact in manifest list; 11. Delete index successfully. Tear down: 1. Delete repository(RA,RB,IA) by user(UA); 2. Delete project(PA); 3. Delete user(UA). """ #1. Create a new user(UA); TestProjects.user_id, user_name = self.user.create_user( user_password=self.user_push_index_password, **ADMIN_CLIENT) TestProjects.USER_CLIENT = dict(endpoint=self.url, username=user_name, password=self.user_push_index_password) #2. Create a new project(PA) by user(UA); TestProjects.project_push_index_id, TestProjects.project_push_index_name = self.project.create_project( metadata={"public": "false"}, **TestProjects.USER_CLIENT) #3. Create 2 new repositorys(RA,RB) in project(PA) by user(UA); repo_name_a, tag_a = push_image_to_project( TestProjects.project_push_index_name, harbor_server, 'admin', 'Harbor12345', self.image_a, "latest") repo_name_b, tag_b = push_image_to_project( TestProjects.project_push_index_name, harbor_server, 'admin', 'Harbor12345', self.image_b, "latest") #4. Push an index(IA) to Harbor by docker manifest CLI successfully; manifests = [ harbor_server + "/" + repo_name_a + ":" + tag_a, harbor_server + "/" + repo_name_b + ":" + tag_b ] index = harbor_server + "/" + TestProjects.project_push_index_name + "/" + self.index_name + ":" + self.index_tag index_sha256_cli_ret, manifests_sha256_cli_ret = library.docker_api.docker_manifest_push_to_harbor( index, manifests, harbor_server, user_name, self.user_push_index_password) #5. Get Artifacts successfully; artifacts = self.artifact.list_artifacts( TestProjects.project_push_index_name, self.index_name, **TestProjects.USER_CLIENT) artifacts_ref_child_list = [ artifacts[0].references[1].child_digest, artifacts[0].references[0].child_digest ] self.assertEqual( artifacts_ref_child_list.count(manifests_sha256_cli_ret[0]), 1) self.assertEqual( artifacts_ref_child_list.count(manifests_sha256_cli_ret[1]), 1) #6. Get index(IA) by reference successfully; index_data = self.artifact.get_reference_info( TestProjects.project_push_index_name, self.index_name, self.index_tag, **TestProjects.USER_CLIENT) manifests_sha256_harbor_ret = [ index_data[0].references[1].child_digest, index_data[0].references[0].child_digest ] #7. Verify harbor index is index(IA) pushed by docker manifest CLI; self.assertEqual(index_data[0].digest, index_sha256_cli_ret) self.assertEqual( manifests_sha256_harbor_ret.count(manifests_sha256_cli_ret[0]), 1) self.assertEqual( manifests_sha256_harbor_ret.count(manifests_sha256_cli_ret[1]), 1) #8.1 Verify harbor index(IA) can be pulled by docker CLI successfully; pull_harbor_image( harbor_server, user_name, self.user_push_index_password, TestProjects.project_push_index_name + "/" + self.index_name, self.index_tag) #8.2 Verify harbor index(IA) can be pulled by ctr successfully; oci_ref = harbor_server + "/" + TestProjects.project_push_index_name + "/" + self.index_name + ":" + self.index_tag library.containerd.ctr_images_pull(user_name, self.user_push_index_password, oci_ref) library.containerd.ctr_images_list(oci_ref=oci_ref) #9. Get addition successfully; addition_v = self.artifact.get_addition( TestProjects.project_push_index_name, self.index_name, self.index_tag, "vulnerabilities", **TestProjects.USER_CLIENT) self.assertEqual(addition_v[0], '{}') #This artifact has no build history addition_v = self.artifact.get_addition( TestProjects.project_push_index_name, self.index_name, manifests_sha256_cli_ret[0], "vulnerabilities", **TestProjects.USER_CLIENT) self.assertEqual(addition_v[0], '{}') addition_b = self.artifact.get_addition( TestProjects.project_push_index_name, self.index_name, manifests_sha256_cli_ret[0], "build_history", **TestProjects.USER_CLIENT) self.assertIn("ADD file:", addition_b[0]) image_data = self.artifact.get_reference_info( TestProjects.project_push_index_name, self.index_name, manifests_sha256_cli_ret[0], **TestProjects.USER_CLIENT) addition_v = self.artifact.get_addition( TestProjects.project_push_index_name, self.index_name, manifests_sha256_cli_ret[1], "vulnerabilities", **TestProjects.USER_CLIENT) self.assertEqual(addition_v[0], '{}') addition_b = self.artifact.get_addition( TestProjects.project_push_index_name, self.index_name, manifests_sha256_cli_ret[1], "build_history", **TestProjects.USER_CLIENT) self.assertIn("ADD file:", addition_b[0]) image_data = self.artifact.get_reference_info( TestProjects.project_push_index_name, self.index_name, manifests_sha256_cli_ret[0], **TestProjects.USER_CLIENT) #10. Unable to Delete artifact in manifest list; self.artifact.delete_artifact(TestProjects.project_push_index_name, self.index_name, manifests_sha256_cli_ret[0], expect_status_code=412, **TestProjects.USER_CLIENT) #11. Delete index successfully. self.artifact.delete_artifact(TestProjects.project_push_index_name, self.index_name, self.index_tag, **TestProjects.USER_CLIENT)
class TestProjects(unittest.TestCase): """ Test case: Tag Retention Setup: Create Project test-retention Push image test1:1.0, test1:2.0, test1:3.0,latest, test2:1.0, test2:latest, test3:1.0, test4:1.0 Test Steps: 1. Create Retention Policy 2. Add rule "For the repositories matching **, retain always with tags matching latest*" 3. Add rule "For the repositories matching test3*, retain always with tags matching **" 4. Dry run, check execution and tasks 5. Real run, check images retained Tear Down: 1. Delete project test-retention """ @classmethod def setUpClass(self): self.user = User() self.system = System() self.repo = Repository() self.project = Project() self.retention = Retention() self.artifact = Artifact() self.repo_name_1 = "test1" def testTagRetention(self): user_ra_password = "******" user_ra_id, user_ra_name = self.user.create_user( user_password=user_ra_password, **ADMIN_CLIENT) print("Created user: %s, id: %s" % (user_ra_name, user_ra_id)) TestProjects.USER_RA_CLIENT = dict(endpoint=ADMIN_CLIENT["endpoint"], username=user_ra_name, password=user_ra_password) TestProjects.user_ra_id = int(user_ra_id) TestProjects.project_src_repo_id, TestProjects.project_src_repo_name = self.project.create_project( metadata={"public": "false"}, **TestProjects.USER_RA_CLIENT) # Push image test1:1.0, test1:2.0, test1:3.0,latest, test2:1.0, test2:latest, test3:1.0 push_special_image_to_project(TestProjects.project_src_repo_name, harbor_server, user_ra_name, user_ra_password, self.repo_name_1, ['1.0']) push_special_image_to_project(TestProjects.project_src_repo_name, harbor_server, user_ra_name, user_ra_password, self.repo_name_1, ['2.0']) push_special_image_to_project(TestProjects.project_src_repo_name, harbor_server, user_ra_name, user_ra_password, self.repo_name_1, ['3.0', 'latest']) push_special_image_to_project(TestProjects.project_src_repo_name, harbor_server, user_ra_name, user_ra_password, "test2", ['1.0']) push_special_image_to_project(TestProjects.project_src_repo_name, harbor_server, user_ra_name, user_ra_password, "test2", ['latest']) push_special_image_to_project(TestProjects.project_src_repo_name, harbor_server, user_ra_name, user_ra_password, "test3", ['1.0']) push_special_image_to_project(TestProjects.project_src_repo_name, harbor_server, user_ra_name, user_ra_password, "test4", ['1.0']) tags = list_image_tags( harbor_server, TestProjects.project_src_repo_name + "/" + self.repo_name_1, user_ra_name, user_ra_password) #Delete all tags of "artifact3" in repostory "image1"; self.artifact.delete_tag(TestProjects.project_src_repo_name, self.repo_name_1, "3.0", "latest", **TestProjects.USER_RA_CLIENT) self.artifact.delete_tag(TestProjects.project_src_repo_name, self.repo_name_1, "3.0", "3.0", **TestProjects.USER_RA_CLIENT) tags = list_image_tags( harbor_server, TestProjects.project_src_repo_name + "/" + self.repo_name_1, user_ra_name, user_ra_password) resp = self.repo.list_repositories(TestProjects.project_src_repo_name, **TestProjects.USER_RA_CLIENT) self.assertEqual(len(resp), 4) # Create Retention Policy retention_id = self.retention.create_retention_policy( TestProjects.project_src_repo_id, selector_repository="**", selector_tag="latest*", expect_status_code=201, **TestProjects.USER_RA_CLIENT) # Add rule self.retention.update_retention_add_rule(retention_id, selector_repository="test3*", selector_tag="**", expect_status_code=200, **TestProjects.USER_RA_CLIENT) # Dry run self.retention.trigger_retention_policy(retention_id, dry_run=True, **TestProjects.USER_RA_CLIENT) time.sleep(10) resp = self.retention.get_retention_executions( retention_id, **TestProjects.USER_RA_CLIENT) self.assertTrue(len(resp) > 0) execution = resp[0] resp = self.retention.get_retention_exec_tasks( retention_id, execution.id, **TestProjects.USER_RA_CLIENT) self.assertEqual(len(resp), 4) resp = self.retention.get_retention_exec_task_log( retention_id, execution.id, resp[0].id, **TestProjects.USER_RA_CLIENT) #For Debug: print("Task 0 log begin:-----------------------------") i = 0 for line in resp.split("\n"): print("Line" + str(i) + ": " + line) i = i + 1 print("Task 0 log end:-----------------------------") # Real run self.retention.trigger_retention_policy(retention_id, dry_run=False, **TestProjects.USER_RA_CLIENT) time.sleep(10) resp = self.retention.get_retention_executions( retention_id, **TestProjects.USER_RA_CLIENT) self.assertTrue(len(resp) > 1) execution = resp[0] resp = self.retention.get_retention_exec_tasks( retention_id, execution.id, **TestProjects.USER_RA_CLIENT) self.assertEqual(len(resp), 4) resp = self.retention.get_retention_exec_task_log( retention_id, execution.id, resp[0].id, **TestProjects.USER_RA_CLIENT) print(resp) # TODO As the repository isn't deleted when no tags left anymore # TODO we should check the artifact/tag count here # resp=self.repo.list_repositories(TestProjects.project_src_repo_id, **TestProjects.USER_RA_CLIENT) # self.assertEqual(len(resp), 3) #List artifacts successfully; artifacts = self.artifact.list_artifacts( TestProjects.project_src_repo_name, self.repo_name_1, **TestProjects.USER_RA_CLIENT) print artifacts # 'test1' has 3 artifacts, artifact1 with tag '1.0' and artifact2 with tag '2.0' should be deleted because they doesn't match 'latest' # artifact3 should be retained because it has no tag, so count of artifacts should be 1. # TODO: This verfication should be enhanced by verify sha256 at the same time; self.assertTrue(len(artifacts) == 1) @classmethod def tearDownClass(self): print "Case completed"
class TestAssignRoleToLdapGroup(unittest.TestCase): @suppress_urllib3_warning def setUp(self): self.conf = Configurations() self.project = Project() self.artifact = Artifact() self.repo = Repository() self.user = User() @unittest.skipIf(TEARDOWN == False, "Test data won't be erased.") def tearDown(self): print("Case completed") def testAssignRoleToLdapGroup(self): """ Test case: Assign Role To Ldap Group Test step and expected result: 1. Set LDAP Auth configurations; 2. Create a new public project(PA) by Admin; 3. Add 3 member groups to project(PA); 4. Push image by each member role; 5. Verfify that admin_user can add project member, dev_user and guest_user can not add project member; 6. Verfify that admin_user and dev_user can push image, guest_user can not push image; 7. Verfify that admin_user, dev_user and guest_user can view logs, test user can not view logs. 8. Delete repository(RA) by user(UA); 9. Delete project(PA); """ url = ADMIN_CLIENT["endpoint"] USER_ADMIN = dict(endpoint=url, username="******", password="******", repo="haproxy") USER_DEV = dict(endpoint=url, username="******", password="******", repo="alpine") USER_GUEST = dict(endpoint=url, username="******", password="******", repo="busybox") USER_TEST = dict(endpoint=url, username="******", password="******") USER_MIKE = dict(endpoint=url, username="******", password="******") #USER001 is in group harbor_group3 self.conf.set_configurations_of_ldap( ldap_filter="", ldap_group_attribute_name="cn", ldap_group_base_dn="ou=groups,dc=example,dc=com", ldap_group_search_filter="objectclass=groupOfNames", ldap_group_search_scope=2, **ADMIN_CLIENT) with created_project(metadata={"public": "false"}) as (project_id, project_name): self.project.add_project_members( project_id, member_role_id=1, _ldap_group_dn="cn=harbor_admin,ou=groups,dc=example,dc=com", **ADMIN_CLIENT) self.project.add_project_members( project_id, member_role_id=2, _ldap_group_dn="cn=harbor_dev,ou=groups,dc=example,dc=com", **ADMIN_CLIENT) self.project.add_project_members( project_id, member_role_id=3, _ldap_group_dn="cn=harbor_guest,ou=groups,dc=example,dc=com", **ADMIN_CLIENT) projects = self.project.get_projects(dict(name=project_name), **USER_ADMIN) self.assertTrue(len(projects) == 1) self.assertEqual(1, projects[0].current_user_role_id) #Mike has logged in harbor in previous test. mike = self.user.get_user_by_name(USER_MIKE["username"], **ADMIN_CLIENT) #Verify role difference in add project member feature, to distinguish between admin and dev role self.project.add_project_members(project_id, user_id=mike.user_id, member_role_id=3, **USER_ADMIN) self.project.add_project_members(project_id, user_id=mike.user_id, member_role_id=3, expect_status_code=403, **USER_DEV) self.project.add_project_members(project_id, user_id=mike.user_id, member_role_id=3, expect_status_code=403, **USER_GUEST) repo_name_admin, _ = push_image_to_project( project_name, harbor_server, USER_ADMIN["username"], USER_ADMIN["password"], USER_ADMIN["repo"], "latest") artifacts = self.artifact.list_artifacts(project_name, USER_ADMIN["repo"], **USER_ADMIN) self.assertTrue(len(artifacts) == 1) repo_name_dev, _ = push_image_to_project( project_name, harbor_server, USER_DEV["username"], USER_DEV["password"], USER_DEV["repo"], "latest") artifacts = self.artifact.list_artifacts(project_name, USER_DEV["repo"], **USER_DEV) self.assertTrue(len(artifacts) == 1) push_image_to_project( project_name, harbor_server, USER_GUEST["username"], USER_GUEST["password"], USER_GUEST["repo"], "latest", expected_error_message="unauthorized to access repository") artifacts = self.artifact.list_artifacts(project_name, USER_GUEST["repo"], **USER_GUEST) self.assertTrue(len(artifacts) == 0) self.assertTrue( self.project.query_user_logs(project_name, **USER_ADMIN) > 0, "admin user can see logs") self.assertTrue( self.project.query_user_logs(project_name, **USER_DEV) > 0, "dev user can see logs") self.assertTrue( self.project.query_user_logs(project_name, **USER_GUEST) > 0, "guest user can see logs") self.assertTrue( self.project.query_user_logs(project_name, status_code=403, **USER_TEST) == 0, "test user can not see any logs") self.repo.delete_repository(project_name, repo_name_admin.split('/')[1], **USER_ADMIN) self.repo.delete_repository(project_name, repo_name_dev.split('/')[1], **USER_ADMIN)
class TestProjects(unittest.TestCase): user_id = None project_push_chart_id = None USER_CLIENT = None project_push_chart_name = None @suppress_urllib3_warning def setUp(self): self.project = Project() self.user = User() self.artifact = Artifact() self.repo = Repository() self.url = ADMIN_CLIENT["endpoint"] self.user_push_chart_password = "******" self.chart_file_name = "harbor-helm-1.7.3" self.chart_file_package_name = "harbor-1.7.3.tgz" self.chart_file_path = files_directory + "harbor-helm-1.7.3.tar.gz" self.version = "1.7.3" self.repo_name = "harbor" @unittest.skipIf(TEARDOWN is False, "Test data won't be erased.") def tearDown(self): # 1. Delete repository chart(CA) by user(UA); self.repo.delete_repository(TestProjects.project_push_chart_name, self.repo_name, **TestProjects.USER_CLIENT) # 2. Delete project(PA); self.project.delete_project(TestProjects.project_push_chart_id, **TestProjects.USER_CLIENT) # 3. Delete user(UA). self.user.delete_user(TestProjects.user_id, **ADMIN_CLIENT) def testPushChartByHelmChartCLI(self): """ Test case: Push Chart File By Helm3.7 CLI Test step and expected result: 1. Create a new user(UA); 2. Create a new project(PA) by user(UA); 3. Push an chart(CA) to Harbor by helm3.7 CLI successfully; 4. List artifacts successfully; 5. Get chart(CA) by reference successfully; 6. Get addition successfully; 7. Delete chart by reference successfully. Tear down: 1. Delete repository chart(CA) by user(UA); 2. Delete project(PA); 3. Delete user(UA). """ # 1. Create a new user(UA); TestProjects.user_id, user_name = self.user.create_user( user_password=self.user_push_chart_password, **ADMIN_CLIENT) TestProjects.USER_CLIENT = dict(endpoint=self.url, username=user_name, password=self.user_push_chart_password) # 2. Create a new project(PA) by user(UA); TestProjects.project_push_chart_id, TestProjects.project_push_chart_name = self.project.create_project( metadata={"public": "false"}, **TestProjects.USER_CLIENT) # 3 Push an chart(CA) to Harbor by helm3.7 CLI successfully; command = ["tar", "zxf", self.chart_file_path] base.run_command(command) # 3.1 helm3_7_registry_login; helm.helm3_7_registry_login(ip=harbor_server, user=user_name, password=self.user_push_chart_password) # 3.2 helm3_7_package; helm.helm3_7_package(file_path=self.chart_file_name) # 3.2 helm3_7_push; helm.helm3_7_push(file_path=self.chart_file_package_name, ip=harbor_server, project_name=TestProjects.project_push_chart_name) # 4. List artifacts successfully; artifacts = self.artifact.list_artifacts( TestProjects.project_push_chart_name, self.repo_name, **TestProjects.USER_CLIENT) self.assertEqual(artifacts[0].type, 'CHART') self.assertEqual(artifacts[0].tags[0].name, self.version) # 5.1 Get chart(CA) by reference successfully; artifact = self.artifact.get_reference_info( TestProjects.project_push_chart_name, self.repo_name, self.version, **TestProjects.USER_CLIENT) self.assertEqual(artifact.type, 'CHART') self.assertEqual(artifact.tags[0].name, self.version) # 6. Get addition successfully; addition_r = self.artifact.get_addition( TestProjects.project_push_chart_name, self.repo_name, self.version, "readme.md", **TestProjects.USER_CLIENT) self.assertIn("Helm Chart for Harbor", addition_r[0]) addition_v = self.artifact.get_addition( TestProjects.project_push_chart_name, self.repo_name, self.version, "values.yaml", **TestProjects.USER_CLIENT) self.assertIn("expose", addition_v[0]) # 7. Delete chart by reference successfully. self.artifact.delete_artifact(TestProjects.project_push_chart_name, self.repo_name, self.version, **TestProjects.USER_CLIENT)
class TestCosign(unittest.TestCase): @suppress_urllib3_warning def setUp(self): self.project = Project() self.user = User() self.artifact = Artifact() self.repo = Repository() self.image = "alpine" self.tag = "latest" self.expect_accessory_type = "signature.cosign" @unittest.skipIf(TEARDOWN == False, "Test data won't be erased.") def tearDown(self): #1. Delete repository by user(UA); self.repo.delete_repository(TestCosign.project_name, self.image, **TestCosign.user_client) #2. Delete project(PA); self.project.delete_project(TestCosign.project_id, **TestCosign.user_client) #3. Delete user(UA). self.user.delete_user(TestCosign.user_id, **ADMIN_CLIENT) def testCosignArtifact(self): """ Test case: Cosign Artifact API Test step and expected result: 1. Create a new user(UA); 2. Create a new project(PA) by user(UA); 3. Push a new image(IA) in project(PA) by user(UA); 4. Verify that the image (IA) is not signed by cosign; 5. Sign image(IA) with cosign; 6. Verify that the image (IA) is signed by cosign; Tear down: 1. Delete project(PA); 2. Delete user(UA). """ url = ADMIN_CLIENT["endpoint"] user_password = "******" # 1. Create user(UA) TestCosign.user_id, user_name = self.user.create_user( user_password=user_password, **ADMIN_CLIENT) TestCosign.user_client = dict(endpoint=url, username=user_name, password=user_password, with_accessory=True) # 2.1. Create private project(PA) by user(UA) TestCosign.project_id, TestCosign.project_name = self.project.create_project( metadata={"public": "false"}, **TestCosign.user_client) # 2.2. Get private project of uesr-001, uesr-001 can see only one private project which is project-001 self.project.projects_should_exist( dict(public=False), expected_count=1, expected_project_id=TestCosign.project_id, **TestCosign.user_client) # 3. Push a new image(IA) in project(PA) by user(UA) TestCosign.repo_name, tag = push_self_build_image_to_project( TestCosign.project_name, harbor_server, user_name, user_password, self.image, self.tag) # 4.1. Verify list_artifacts API; artifact_list = self.artifact.list_artifacts(TestCosign.project_name, self.image, **TestCosign.user_client) first_artifact = artifact_list[0] artifact_reference = first_artifact.digest self.assertTrue(len(artifact_list) == 1) self.assertIsNone(artifact_list[0].accessories) # 4.2. Verify get_reference_info API; artifact_info = self.artifact.get_reference_info( TestCosign.project_name, self.image, artifact_reference, **TestCosign.user_client) self.assertIsNone(artifact_info.accessories) # 4.3. Verify list_accessories API; accessory_list = self.artifact.list_accessories( TestCosign.project_name, self.image, artifact_reference, **TestCosign.user_client) self.assertTrue(len(accessory_list) == 0) # 5.1. Generate cosign key pair; cosign.generate_key_pair() # 5.2. Generate cosign key pair; docker_api.docker_login_cmd(harbor_server, user_name, user_password, enable_manifest=False) cosign.sign_artifact("{}/{}/{}:{}".format(harbor_server, TestCosign.project_name, self.image, self.tag)) # 6.1. Verify list_artifacts API; artifact_list = self.artifact.list_artifacts(TestCosign.project_name, self.image, **TestCosign.user_client) self.assertTrue(len(artifact_list) == 1) first_artifact = artifact_list[0] self.assertTrue(len(first_artifact.accessories) == 1) first_accessory = first_artifact.accessories[0] self.assertEqual(first_accessory.type, self.expect_accessory_type) accessory_reference = first_accessory.digest # 6.2. Verify get_reference_info API; artifact_info = self.artifact.get_reference_info( TestCosign.project_name, self.image, artifact_reference, **TestCosign.user_client) self.assertEqual(artifact_info.accessories[0].type, self.expect_accessory_type) # 6.3. Verify list_accessories API; accessory_list = self.artifact.list_accessories( TestCosign.project_name, self.image, artifact_reference, **TestCosign.user_client) self.assertTrue(len(accessory_list) == 1) self.assertEqual(accessory_list[0].type, self.expect_accessory_type) # 6.4. Verify list_accessories API; accessory_info = self.artifact.get_reference_info( TestCosign.project_name, self.image, accessory_reference, **TestCosign.user_client) self.assertEqual(accessory_info.digest, accessory_reference)