2020-08-17 08:51:18 +02:00
from __future__ import absolute_import
import unittest
2020-11-04 03:13:12 +01:00
from testutils import harbor_server , suppress_urllib3_warning
2020-08-17 08:51:18 +02:00
from testutils import TEARDOWN
from testutils import ADMIN_CLIENT
from testutils import created_user , created_project
from library . project import Project
from library . user import User
from library . repository import Repository
from library . repository import push_image_to_project
from library . artifact import Artifact
from library . scanner import Scanner
from library . configurations import Configurations
from library . projectV2 import ProjectV2
class TestAssignRoleToLdapGroup ( unittest . TestCase ) :
2020-11-04 03:13:12 +01:00
@suppress_urllib3_warning
2020-08-17 08:51:18 +02:00
def setUp ( self ) :
self . conf = Configurations ( )
self . project = Project ( )
self . artifact = Artifact ( )
self . repo = Repository ( )
2020-09-07 05:33:27 +02:00
self . user = User ( )
2020-08-17 08:51:18 +02:00
2020-11-04 03:13:12 +01:00
@unittest.skipIf ( TEARDOWN == False , " Test data won ' t be erased. " )
2020-08-17 08:51:18 +02:00
def tearDown ( self ) :
print ( " Case completed " )
2020-08-24 14:05:49 +02:00
def testAssignRoleToLdapGroup ( self ) :
2020-08-17 08:51:18 +02:00
"""
Test case :
Assign Role To Ldap Group
Test step and expected result :
1. Set LDAP Auth configurations ;
2. Create a new public project ( PA ) by Admin ;
3. Add 3 member groups to project ( PA ) ;
4. Push image by each member role ;
2020-09-07 05:33:27 +02:00
5. Verfify that admin_user can add project member , dev_user and guest_user can not add project member ;
6. Verfify that admin_user and dev_user can push image , guest_user can not push image ;
7. Verfify that admin_user , dev_user and guest_user can view logs , test user can not view logs .
8. Delete repository ( RA ) by user ( UA ) ;
9. Delete project ( PA ) ;
2020-08-17 08:51:18 +02:00
"""
url = ADMIN_CLIENT [ " endpoint " ]
USER_ADMIN = dict ( endpoint = url , username = " admin_user " , password = " zhu88jie " , repo = " hello-world " )
USER_DEV = dict ( endpoint = url , username = " dev_user " , password = " zhu88jie " , repo = " alpine " )
USER_GUEST = dict ( endpoint = url , username = " guest_user " , password = " zhu88jie " , repo = " busybox " )
USER_TEST = dict ( endpoint = url , username = " test " , password = " 123456 " )
2020-09-07 05:33:27 +02:00
USER_MIKE = dict ( endpoint = url , username = " mike " , password = " zhu88jie " )
#USER001 is in group harbor_group3
2020-08-17 08:51:18 +02:00
self . conf . set_configurations_of_ldap ( ldap_filter = " " , ldap_group_attribute_name = " cn " , ldap_group_base_dn = " ou=groups,dc=example,dc=com " ,
ldap_group_search_filter = " objectclass=groupOfNames " , ldap_group_search_scope = 2 , * * ADMIN_CLIENT )
with created_project ( metadata = { " public " : " false " } ) as ( project_id , project_name ) :
self . project . add_project_members ( project_id , member_role_id = 1 , _ldap_group_dn = " cn=harbor_admin,ou=groups,dc=example,dc=com " , * * ADMIN_CLIENT )
self . project . add_project_members ( project_id , member_role_id = 2 , _ldap_group_dn = " cn=harbor_dev,ou=groups,dc=example,dc=com " , * * ADMIN_CLIENT )
self . project . add_project_members ( project_id , member_role_id = 3 , _ldap_group_dn = " cn=harbor_guest,ou=groups,dc=example,dc=com " , * * ADMIN_CLIENT )
2020-09-07 05:33:27 +02:00
2020-08-17 08:51:18 +02:00
projects = self . project . get_projects ( dict ( name = project_name ) , * * USER_ADMIN )
self . assertTrue ( len ( projects ) == 1 )
self . assertEqual ( 1 , projects [ 0 ] . current_user_role_id )
2020-09-07 05:33:27 +02:00
#Mike has logged in harbor in previous test.
mike = self . user . get_user_by_name ( USER_MIKE [ " username " ] , * * ADMIN_CLIENT )
#Verify role difference in add project member feature, to distinguish between admin and dev role
self . project . add_project_members ( project_id , user_id = mike . user_id , member_role_id = 3 , * * USER_ADMIN )
self . project . add_project_members ( project_id , user_id = mike . user_id , member_role_id = 3 , expect_status_code = 403 , * * USER_DEV )
self . project . add_project_members ( project_id , user_id = mike . user_id , member_role_id = 3 , expect_status_code = 403 , * * USER_GUEST )
2020-08-17 08:51:18 +02:00
repo_name_admin , _ = push_image_to_project ( project_name , harbor_server , USER_ADMIN [ " username " ] , USER_ADMIN [ " password " ] , USER_ADMIN [ " repo " ] , " latest " )
artifacts = self . artifact . list_artifacts ( project_name , USER_ADMIN [ " repo " ] , * * USER_ADMIN )
self . assertTrue ( len ( artifacts ) == 1 )
repo_name_dev , _ = push_image_to_project ( project_name , harbor_server , USER_DEV [ " username " ] , USER_DEV [ " password " ] , USER_DEV [ " repo " ] , " latest " )
artifacts = self . artifact . list_artifacts ( project_name , USER_DEV [ " repo " ] , * * USER_DEV )
self . assertTrue ( len ( artifacts ) == 1 )
2020-11-03 08:32:13 +01:00
push_image_to_project ( project_name , harbor_server , USER_GUEST [ " username " ] , USER_GUEST [ " password " ] , USER_GUEST [ " repo " ] , " latest " , expected_error_message = " unauthorized to access repository " )
2020-08-17 08:51:18 +02:00
artifacts = self . artifact . list_artifacts ( project_name , USER_GUEST [ " repo " ] , * * USER_GUEST )
self . assertTrue ( len ( artifacts ) == 0 )
self . assertTrue ( self . project . query_user_logs ( project_name , * * USER_ADMIN ) > 0 , " admin user can see logs " )
self . assertTrue ( self . project . query_user_logs ( project_name , * * USER_DEV ) > 0 , " dev user can see logs " )
self . assertTrue ( self . project . query_user_logs ( project_name , * * USER_GUEST ) > 0 , " guest user can see logs " )
self . assertTrue ( self . project . query_user_logs ( project_name , status_code = 403 , * * USER_TEST ) == 0 , " test user can not see any logs " )
2021-01-16 12:34:43 +01:00
self . repo . delete_repository ( project_name , repo_name_admin . split ( ' / ' ) [ 1 ] , * * USER_ADMIN )
self . repo . delete_repository ( project_name , repo_name_dev . split ( ' / ' ) [ 1 ] , * * USER_ADMIN )
2020-08-17 08:51:18 +02:00
if __name__ == ' __main__ ' :
unittest . main ( )