2018-08-01 00:38:23 +02:00
|
|
|
# coding: utf-8
|
|
|
|
|
|
|
|
|
|
"""
|
|
|
|
|
Harbor API
|
|
|
|
|
|
2020-02-25 03:40:29 +01:00
|
|
|
These APIs provide services for manipulating Harbor project.
|
2018-08-01 00:38:23 +02:00
|
|
|
|
|
|
|
|
OpenAPI spec version: 1.4.0
|
2020-02-25 03:40:29 +01:00
|
|
|
|
2018-08-01 00:38:23 +02:00
|
|
|
Generated by: https://github.com/swagger-api/swagger-codegen.git
|
|
|
|
|
"""
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
from __future__ import absolute_import
|
|
|
|
|
import os
|
|
|
|
|
import sys
|
|
|
|
|
sys.path.append(os.environ["SWAGGER_CLIENT_PATH"])
|
|
|
|
|
|
|
|
|
|
import unittest
|
|
|
|
|
import testutils
|
|
|
|
|
import docker
|
|
|
|
|
|
2020-08-07 08:56:18 +02:00
|
|
|
from testutils import ADMIN_CLIENT
|
2020-02-25 03:40:29 +01:00
|
|
|
from swagger_client.models.project_member import ProjectMember
|
|
|
|
|
from swagger_client.models.user_group import UserGroup
|
|
|
|
|
from swagger_client.models.configurations import Configurations
|
2020-08-15 18:09:06 +02:00
|
|
|
from library.project import Project
|
2020-04-09 10:19:17 +02:00
|
|
|
from library.base import _assert_status_code
|
2020-08-07 08:56:18 +02:00
|
|
|
from library.base import _random_name
|
2020-04-09 10:19:17 +02:00
|
|
|
from v2_swagger_client.rest import ApiException
|
2018-08-01 00:38:23 +02:00
|
|
|
from pprint import pprint
|
|
|
|
|
|
|
|
|
|
#Testcase
|
|
|
|
|
#3-07-LDAP usergroup manage project group members
|
|
|
|
|
class TestAssignRoleToLdapGroup(unittest.TestCase):
|
|
|
|
|
harbor_host = os.environ["HARBOR_HOST"]
|
|
|
|
|
"""AssignRoleToLdapGroup unit test stubs"""
|
|
|
|
|
product_api = testutils.GetProductApi("admin", "Harbor12345")
|
2020-02-25 03:40:29 +01:00
|
|
|
repository_api = testutils.GetRepositoryApi("admin", "Harbor12345")
|
2018-08-01 00:38:23 +02:00
|
|
|
project_id = 0
|
|
|
|
|
docker_client = docker.from_env()
|
2020-08-15 18:09:06 +02:00
|
|
|
_project_name = _random_name("test-ldap-group")
|
2020-02-25 03:40:29 +01:00
|
|
|
|
2018-08-01 00:38:23 +02:00
|
|
|
def setUp(self):
|
2020-08-15 18:09:06 +02:00
|
|
|
self.project = Project()
|
2020-04-09 10:19:17 +02:00
|
|
|
|
2018-08-01 00:38:23 +02:00
|
|
|
#login with admin, create a project and assign role to ldap group
|
|
|
|
|
result = self.product_api.configurations_put(configurations=Configurations(ldap_filter="", ldap_group_attribute_name="cn", ldap_group_base_dn="ou=groups,dc=example,dc=com", ldap_group_search_filter="objectclass=groupOfNames", ldap_group_search_scope=2))
|
|
|
|
|
pprint(result)
|
|
|
|
|
cfgs = self.product_api.configurations_get()
|
|
|
|
|
pprint(cfgs)
|
2020-08-15 18:09:06 +02:00
|
|
|
result = self.project.create_project(self._project_name, dict(public="false"))
|
2018-08-01 00:38:23 +02:00
|
|
|
pprint(result)
|
|
|
|
|
|
2020-08-15 18:09:06 +02:00
|
|
|
projs = self.project.get_projects(dict(name = self._project_name))
|
2020-08-07 08:56:18 +02:00
|
|
|
if len(projs)>0 :
|
2018-08-01 00:38:23 +02:00
|
|
|
project = projs[0]
|
|
|
|
|
self.project_id = project.project_id
|
2020-02-25 03:40:29 +01:00
|
|
|
|
2018-08-01 00:38:23 +02:00
|
|
|
# asign role to project with dn
|
|
|
|
|
group_dn = "cn=harbor_admin,ou=groups,dc=example,dc=com"
|
|
|
|
|
projectmember = ProjectMember()
|
|
|
|
|
projectmember.role_id = 1
|
|
|
|
|
projectmember.member_group = UserGroup(ldap_group_dn=group_dn)
|
|
|
|
|
|
|
|
|
|
result = self.product_api.projects_project_id_members_post( project_id=self.project_id, project_member=projectmember )
|
|
|
|
|
pprint(result)
|
|
|
|
|
|
|
|
|
|
group_dn = "cn=harbor_dev,ou=groups,dc=example,dc=com"
|
|
|
|
|
projectmember = ProjectMember()
|
|
|
|
|
projectmember.role_id = 2
|
|
|
|
|
projectmember.member_group = UserGroup(ldap_group_dn=group_dn)
|
|
|
|
|
|
|
|
|
|
result = self.product_api.projects_project_id_members_post( project_id=self.project_id, project_member=projectmember )
|
|
|
|
|
pprint(result)
|
|
|
|
|
|
|
|
|
|
group_dn = "cn=harbor_guest,ou=groups,dc=example,dc=com"
|
|
|
|
|
projectmember = ProjectMember()
|
|
|
|
|
projectmember.role_id = 3
|
|
|
|
|
projectmember.member_group = UserGroup(ldap_group_dn=group_dn)
|
|
|
|
|
|
|
|
|
|
result = self.product_api.projects_project_id_members_post( project_id=self.project_id, project_member=projectmember )
|
|
|
|
|
pprint(result)
|
|
|
|
|
|
|
|
|
|
def tearDown(self):
|
|
|
|
|
if self.project_id > 0 :
|
2020-08-15 18:09:06 +02:00
|
|
|
# delete images in project
|
|
|
|
|
result = self.repository_api.delete_repository(self._project_name, "busybox")
|
|
|
|
|
pprint(result)
|
|
|
|
|
result = self.repository_api.delete_repository(self._project_name, "busyboxdev")
|
|
|
|
|
pprint(result)
|
|
|
|
|
self.project.delete_project(self.project_id)
|
2018-08-01 00:38:23 +02:00
|
|
|
|
|
|
|
|
def testAssignRoleToLdapGroup(self):
|
|
|
|
|
"""Test AssignRoleToLdapGroup"""
|
2020-08-15 18:09:06 +02:00
|
|
|
admin_product_api = Project("admin_user", "zhu88jie")
|
|
|
|
|
projects = admin_product_api.get_projects(dict(name=self._project_name))
|
2020-08-07 08:56:18 +02:00
|
|
|
self.assertTrue(len(projects) == 1)
|
2018-08-01 00:38:23 +02:00
|
|
|
self.assertEqual(1, projects[0].current_user_role_id)
|
2020-02-25 03:40:29 +01:00
|
|
|
|
2020-08-15 18:09:06 +02:00
|
|
|
dev_product_api = Project("dev_user", "zhu88jie")
|
|
|
|
|
projects = dev_product_api.get_projects(dict(name=self._project_name))
|
2020-08-07 08:56:18 +02:00
|
|
|
self.assertTrue(len(projects) == 1)
|
2018-08-01 00:38:23 +02:00
|
|
|
self.assertEqual(2, projects[0].current_user_role_id)
|
|
|
|
|
|
2020-08-15 18:09:06 +02:00
|
|
|
guest_product_api = Project("guest_user", "zhu88jie")
|
|
|
|
|
projects = guest_product_api.get_projects(dict(name=self._project_name))
|
2020-08-07 08:56:18 +02:00
|
|
|
self.assertTrue(len(projects) == 1)
|
2020-02-25 03:40:29 +01:00
|
|
|
self.assertEqual(3, projects[0].current_user_role_id)
|
2018-08-01 00:38:23 +02:00
|
|
|
|
|
|
|
|
self.dockerCmdLoginAdmin(username="admin_user", password="zhu88jie")
|
|
|
|
|
self.dockerCmdLoginDev(username="dev_user", password="zhu88jie")
|
|
|
|
|
self.dockerCmdLoginGuest(username="guest_user", password="zhu88jie")
|
|
|
|
|
|
2020-04-09 10:19:17 +02:00
|
|
|
self.assertTrue(self.queryUserLogs(username="admin_user", password="zhu88jie")>0, "admin user can see logs")
|
|
|
|
|
self.assertTrue(self.queryUserLogs(username="dev_user", password="zhu88jie")>0, "dev user can see logs")
|
|
|
|
|
self.assertTrue(self.queryUserLogs(username="guest_user", password="zhu88jie")>0, "guest user can see logs")
|
|
|
|
|
self.assertTrue(self.queryUserLogs(username="test", password="123456", status_code=403)==0, "test user can not see any logs")
|
2018-08-01 00:38:23 +02:00
|
|
|
|
|
|
|
|
# admin user can push, pull images
|
|
|
|
|
def dockerCmdLoginAdmin(self, username, password):
|
|
|
|
|
pprint(self.docker_client.info())
|
2020-02-25 03:40:29 +01:00
|
|
|
self.docker_client.login(username=username, password=password, registry=self.harbor_host)
|
2018-08-01 00:38:23 +02:00
|
|
|
self.docker_client.images.pull("busybox:latest")
|
|
|
|
|
image = self.docker_client.images.get("busybox:latest")
|
2020-08-07 08:56:18 +02:00
|
|
|
image.tag(repository=self.harbor_host+"/"+self._project_name+"/busybox", tag="latest")
|
|
|
|
|
output = self.docker_client.images.push(repository=self.harbor_host+"/"+self._project_name+"/busybox", tag="latest")
|
2018-08-01 00:38:23 +02:00
|
|
|
if output.find("error")>0 :
|
|
|
|
|
self.fail("Should not fail to push image for admin_user")
|
2020-08-07 08:56:18 +02:00
|
|
|
self.docker_client.images.pull(repository=self.harbor_host+"/"+self._project_name+"/busybox", tag="latest")
|
2020-08-15 18:09:06 +02:00
|
|
|
|
2018-08-01 00:38:23 +02:00
|
|
|
# dev user can push, pull images
|
|
|
|
|
def dockerCmdLoginDev(self, username, password, harbor_server=harbor_host):
|
2020-02-25 03:40:29 +01:00
|
|
|
self.docker_client.login(username=username, password=password, registry=self.harbor_host)
|
2018-08-01 00:38:23 +02:00
|
|
|
self.docker_client.images.pull("busybox:latest")
|
|
|
|
|
image = self.docker_client.images.get("busybox:latest")
|
2020-08-07 08:56:18 +02:00
|
|
|
image.tag(repository=self.harbor_host+"/"+self._project_name+"/busyboxdev", tag="latest")
|
|
|
|
|
output = self.docker_client.images.push(repository=self.harbor_host+"/"+self._project_name+"/busyboxdev", tag="latest")
|
2018-08-01 00:38:23 +02:00
|
|
|
if output.find("error") >0 :
|
|
|
|
|
self.fail("Should not fail to push images for dev_user")
|
2020-08-15 18:09:06 +02:00
|
|
|
|
2018-08-01 00:38:23 +02:00
|
|
|
# guest user can pull images
|
|
|
|
|
def dockerCmdLoginGuest(self, username, password, harbor_server=harbor_host):
|
2020-02-25 03:40:29 +01:00
|
|
|
self.docker_client.login(username=username, password=password, registry=self.harbor_host)
|
2018-08-01 00:38:23 +02:00
|
|
|
self.docker_client.images.pull("busybox:latest")
|
|
|
|
|
image = self.docker_client.images.get("busybox:latest")
|
2020-08-07 08:56:18 +02:00
|
|
|
image.tag(repository=self.harbor_host+"/"+self._project_name+"/busyboxguest", tag="latest")
|
|
|
|
|
output = self.docker_client.images.push(repository=self.harbor_host+"1/"+self._project_name+"/busyboxguest", tag="latest")
|
2018-08-01 00:38:23 +02:00
|
|
|
if output.find("error")<0 :
|
|
|
|
|
self.fail("Should failed to push image for guest user")
|
2020-08-07 08:56:18 +02:00
|
|
|
self.docker_client.images.pull(repository=self.harbor_host+"/"+self._project_name+"/busybox", tag="latest")
|
2020-08-15 18:09:06 +02:00
|
|
|
|
2018-08-01 00:38:23 +02:00
|
|
|
# check can see his log in current project
|
2020-04-09 10:19:17 +02:00
|
|
|
def queryUserLogs(self, username, password, status_code=200):
|
|
|
|
|
client=dict(endpoint = ADMIN_CLIENT["endpoint"], username = username, password = password)
|
|
|
|
|
try:
|
2020-08-15 18:09:06 +02:00
|
|
|
logs = self.project.get_project_log(self._project_name, status_code, **client)
|
2020-04-09 10:19:17 +02:00
|
|
|
count = 0
|
|
|
|
|
for log in list(logs):
|
|
|
|
|
count = count + 1
|
|
|
|
|
return count
|
|
|
|
|
except ApiException as e:
|
|
|
|
|
_assert_status_code(status_code, e.status)
|
2018-08-01 00:38:23 +02:00
|
|
|
return 0
|
|
|
|
|
|
|
|
|
|
if __name__ == '__main__':
|
|
|
|
|
unittest.main()
|
