from __future__ import absolute_import
import unittest
import swagger_client
import time
from testutils import ADMIN_CLIENT
from library.project import Project
from library.user import User
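class TestProjectCVEWhitelist(unittest.TestCase):
    """
    Test case:
        Project Level CVE Whitelist
    Setup:
        1. Admin creates project(PA)
        2. Create user(RA)
        3. Add user(RA) as a guest of project(PA)
    Test Steps:
        1. User(RA) reads the project(PA), verify the "reuse_sys_cve_whitelist" is empty in the metadata,
           and the CVE whitelist is empty
        2. User(RA) updates the project CVE whitelist, verify it fails with Forbidden error
           and that the whitelist is still empty afterwards.
        3. Admin user updates User(RA) as project admin.
        4. User(RA) updates the project CVE whitelist with expiration date and one item in the items list.
        5. User(RA) reads the project(PA), verify the CVE whitelist is updated as step 4
        6. User(RA) updates the project CVE whitelist, removing the expiration date and clearing the items.
        7. User(RA) reads the project(PA), verify the CVE whitelist is updated as step 6
        8. User(RA) updates the project metadata to set "reuse_sys_cve_whitelist" to true.
        9. User(RA) reads the project(PA) verify the project metadata is updated.
    Tear Down:
        1. Remove User(RA) from project(PA) as member
        2. Delete project(PA)
        3. Delete User(RA)
    """

    def setUp(self):
        """Create user(RA), the private project(PA) and RA's guest membership.

        Every resource registers its own cleanup as soon as it exists.
        unittest does not call tearDown() when setUp() raises, so this keeps a
        half-finished setup from leaving a user or project behind on the
        Harbor instance under test.  Cleanups run in reverse registration
        order: member removal, project deletion, user deletion.
        """
        self.user = User()
        self.project = Project()

        # Fixed fixture password for the disposable account created below.
        user_ra_password = "Aa123456"
        print("Setup: Creating user for test")
        user_ra_id, user_ra_name = self.user.create_user(user_password=user_ra_password, **ADMIN_CLIENT)
        print("Created user: %s, id: %s" % (user_ra_name, user_ra_id))
        self.user_ra_id = int(user_ra_id)
        self.addCleanup(self.user.delete_user, self.user_ra_id, **ADMIN_CLIENT)

        # Client credentials for RA: same endpoint as the admin client,
        # but authenticated as the freshly created user.
        self.USER_RA_CLIENT = dict(endpoint=ADMIN_CLIENT["endpoint"],
                                   username=user_ra_name,
                                   password=user_ra_password)

        # The project is created non-public.
        p_id, _ = self.project.create_project(metadata={"public": "false"}, **ADMIN_CLIENT)
        self.project_pa_id = int(p_id)
        self.addCleanup(self.project.delete_project, self.project_pa_id, **ADMIN_CLIENT)

        # member_role_id=3 is the guest role (see "Setup" step 3 in the class docstring).
        m_id = self.project.add_project_members(self.project_pa_id, self.user_ra_id, member_role_id=3, **ADMIN_CLIENT)
        self.member_id = int(m_id)
        self.addCleanup(self.project.delete_project_member, self.project_pa_id, self.member_id, **ADMIN_CLIENT)

    def tearDown(self):
        """Announce teardown; the deletions are the cleanups registered in setUp().

        unittest runs those cleanups right after this method, and runs each
        one even if an earlier one fails, so a failed member removal no longer
        skips deleting the project and the user.
        """
        print("Tearing down...")

    def testProjectLevelCVEWhitelist(self):
        """Check that only a project admin can change the project CVE whitelist."""
        # User(RA) reads the project(PA), verify the "reuse_sys_cve_whitelist" is empty in the metadata,
        # and the CVE whitelist is empty
        p = self.project.get_project(self.project_pa_id, **self.USER_RA_CLIENT)
        self.assertIsNone(p.metadata.reuse_sys_cve_whitelist)
        self.assertEqual(0, len(p.cve_whitelist.items))

        # User(RA) updates the project CVE whitelist, verify it fails with Forbidden error.
        item_list = [swagger_client.CVEWhitelistItem(cve_id="CVE-2019-12310")]
        exp = int(time.time()) + 1000
        wl = swagger_client.CVEWhitelist(expires_at=exp, items=item_list)
        self.project.update_project(self.project_pa_id, cve_whitelist=wl, expect_status_code=403, **self.USER_RA_CLIENT)

        # A 403 status alone does not prove the request was rejected before
        # it was applied, so re-read the project and confirm the whitelist
        # is still empty.
        p = self.project.get_project(self.project_pa_id, **self.USER_RA_CLIENT)
        self.assertEqual(0, len(p.cve_whitelist.items))

        # Admin user updates User(RA) as project admin.
        self.project.update_project_member_role(self.project_pa_id, self.member_id, 1, **ADMIN_CLIENT)

        # User(RA) updates the project CVE whitelist with expiration date and one item in the items list.
        self.project.update_project(self.project_pa_id, cve_whitelist=wl, **self.USER_RA_CLIENT)
        p = self.project.get_project(self.project_pa_id, **self.USER_RA_CLIENT)
        # Pin the size first: exactly the one submitted entry, and a clear
        # assertion failure instead of an IndexError if nothing was stored.
        self.assertEqual(1, len(p.cve_whitelist.items))
        self.assertEqual("CVE-2019-12310", p.cve_whitelist.items[0].cve_id)
        self.assertEqual(exp, p.cve_whitelist.expires_at)

        # User(RA) updates the project CVE whitelist with empty items list
        wl2 = swagger_client.CVEWhitelist(items=[])
        self.project.update_project(self.project_pa_id, cve_whitelist=wl2, **self.USER_RA_CLIENT)
        p = self.project.get_project(self.project_pa_id, **self.USER_RA_CLIENT)
        self.assertEqual(0, len(p.cve_whitelist.items))
        self.assertIsNone(p.cve_whitelist.expires_at)

        # User(RA) updates the project metadata to set "reuse_sys_cve_whitelist" to true.
        meta = swagger_client.ProjectMetadata(reuse_sys_cve_whitelist="true")
        self.project.update_project(self.project_pa_id, metadata=meta, **self.USER_RA_CLIENT)
        p = self.project.get_project(self.project_pa_id, **self.USER_RA_CLIENT)
        self.assertEqual("true", p.metadata.reuse_sys_cve_whitelist)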
# Run the test case through unittest's command-line runner when this file is
# executed directly rather than imported.
if __name__ == "__main__":
    unittest.main()