Merge pull request #10345 from danfengliu/nightly-upgrade-refector-2

Nightly upgrade test refector
This commit is contained in:
danfengliu 2019-12-26 17:56:17 +08:00 committed by GitHub
commit 0db8b9cc95
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23
8 changed files with 651 additions and 267 deletions

View File

@ -226,6 +226,11 @@ Select Rule And Replicate
Retry Element Click ${replication_exec_id}
Retry Double Keywords When Error Retry Element Click xpath=${dialog_replicate} Retry Wait Until Page Not Contains Element xpath=${dialog_replicate}
Select Rule And Click Edit Button
[Arguments] ${rule_name}
Retry Element Click //clr-dg-row[contains(.,'${rule_name}')]//clr-radio-wrapper/label
Retry Element Click ${edit_replication_rule_id}
Delete Replication Rule
[Arguments] ${name}
Retry Element Click ${endpoint_filter_search}

View File

@ -26,7 +26,7 @@ Verify Project
Init Chrome Driver
Sign In Harbor ${HARBOR_URL} ${HARBOR_ADMIN} ${HARBOR_PASSWORD}
:FOR ${project} IN @{project}
\ Page Should Contain ${project}
\ Retry Wait Until Page Contains ${project}
Verify Project Metadata ${json}
Close Browser
@ -56,10 +56,10 @@ Verify Project Metadata
\ Switch To Project Configuration
\ Verify Checkbox ${json} $.projects[?(@.name=${project})].configuration.public ${project_config_public_checkbox}
\ Verify Checkbox ${json} $.projects[?(@.name=${project})].configuration.enable_content_trust ${project_config_content_trust_checkbox}
\ Verify Checkbox ${json} $.projects[?(@.name=${project})].configuration.automatically_scan_images_on_push ${project_config_scan_images_on_push_checkbox}
\ Verify Checkbox ${json} $.projects[?(@.name=${project})].configuration.prevent_vulnerable_images_from_running ${project_config_prevent_vulnerable_images_from_running_checkbox}
\ Verify Checkbox ${json} $.projects[?(@.name=${project})].configuration.auto_scan ${project_config_scan_images_on_push_checkbox}
\ Verify Checkbox ${json} $.projects[?(@.name=${project})].configuration.prevent_vul ${project_config_prevent_vulnerable_images_from_running_checkbox}
\ ${ret} Get Selected List Value ${project_config_severity_select}
\ @{severity}= Get Value From Json ${json} $.projects[?(@.name=${project})].configuration.prevent_vlunerable_images_from_running_severity
\ @{severity}= Get Value From Json ${json} $.projects[?(@.name=${project})].configuration.severity
\ Should Contain ${ret} @{severity}[0]
\ Navigate To Projects
Close Browser
@ -145,12 +145,40 @@ Verify Endpoint
Verify Replicationrule
[Arguments] ${json}
@{replicationrule}= Get Value From Json ${json} $.replicationrule..name
Init Chrome Driver
Sign In Harbor ${HARBOR_URL} ${HARBOR_ADMIN} ${HARBOR_PASSWORD}
Switch To Replication Manage
:For ${replicationrule} IN @{replicationrule}
\ Page Should Contain ${replicationrule}
@{replicationrules}= Get Value From Json ${json} $.replicationrule.[*].rulename
@{endpoints}= Get Value From Json ${json} $.endpoint.[*].name
: FOR ${replicationrule} IN @{replicationrules}
\ Init Chrome Driver
\ Log To Console -----replicationrule-----"${replicationrule}"------------
\ Sign In Harbor ${HARBOR_URL} ${HARBOR_ADMIN} ${HARBOR_PASSWORD}
\ Switch To Replication Manage
\ Select Rule And Click Edit Button ${replicationrule}
\ @{is_src_registry}= Get Value From Json ${json} $.replicationrule[?(@.rulename=${replicationrule})].is_src_registry
\ @{trigger_type}= Get Value From Json ${json} $.replicationrule[?(@.rulename=${replicationrule})].trigger_type
\ @{name_filters}= Get Value From Json ${json} $.replicationrule[?(@.rulename=${replicationrule})].name_filters
\ @{tag_filters}= Get Value From Json ${json} $.replicationrule[?(@.rulename=${replicationrule})].tag_filters
\ @{dest_namespace}= Get Value From Json ${json} $.replicationrule[?(@.rulename=${replicationrule})].dest_namespace
\ @{cron}= Get Value From Json ${json} $.replicationrule[?(@.rulename=${replicationrule})].cron
\ @{is_src_registry}= Get Value From Json ${json} $.replicationrule[?(@.rulename=${replicationrule})].is_src_registry
\ Log To Console -----is_src_registry-----@{is_src_registry}[0]------------
\ @{endpoint}= Get Value From Json ${json} $.replicationrule[?(@.rulename=${replicationrule})].endpoint
\ Log To Console -----endpoint-----@{endpoint}------------
\ ${endpoint0}= Set Variable @{endpoint}[0]
\ Log To Console -----endpoint0-----${endpoint0}------------
\ @{endpoint_type}= Get Value From Json ${json} $.endpoint[?(@.name=${endpoint0})].type
\ Retry Textfield Value Should Be ${source_project} @{name_filters}[0]
\ Retry Textfield Value Should Be ${filter_tag} @{tag_filters}[0]
\ Retry Textfield Value Should Be ${rule_name_input} ${replicationrule}
\ Retry Textfield Value Should Be ${dest_namespace_xpath} @{dest_namespace}[0]
\ Log To Console -----endpoint_type-----@{endpoint_type}[0]------------
\ ${registry}= Set Variable If "@{endpoint_type}[0]"=="harbor" ${endpoint0}-https://${IP} ${endpoint0}-https://hub.docker.com
\ Log To Console -------registry---${registry}------------
\ Run Keyword If '@{is_src_registry}[0]' == '${true}' Retry List Selection Should Be ${src_registry_dropdown_list} ${registry}
\ ... ELSE Retry List Selection Should Be ${dest_registry_dropdown_list} ${registry}
\ #\ Retry List Selection Should Be ${rule_resource_selector} ${resource_type}
\ Retry List Selection Should Be ${rule_trigger_select} @{trigger_type}[0]
\ Run Keyword If '@{trigger_type}[0]' == 'scheduled' Log To Console ----------@{trigger_type}[0]------------
\ Run Keyword If '@{trigger_type}[0]' == 'scheduled' Retry Textfield Value Should Be ${targetCron_id} @{cron}[0]
Close Browser
Verify Project Setting

View File

@ -226,7 +226,7 @@ Command Should be Failed
Retry Keyword When Error
[Arguments] ${keyword} @{elements}
:For ${n} IN RANGE 1 6
\ Log To Console Trying ${keyword} ${n} times ...
\ Log To Console Trying ${keyword} elements @{elements} ${n} times ...
\ ${out} Run Keyword And Ignore Error ${keyword} @{elements}
\ Log To Console Return value is ${out[0]}
\ Exit For Loop If '${out[0]}'=='PASS'

View File

@ -31,24 +31,53 @@
"url":"http://url",
"name":"endpoint1",
"user":"admin",
"pass":"Harbor12345"
}
"pass":"Harbor12345",
"insecure":true,
"type":"harbor"
},
{
"url":"https://hub.docker.com",
"name":"endpoint2",
"user":"",
"pass":"",
"insecure":false,
"type":"docker-hub"
}
],
"replicationrule":[
{
"project":"project1",
"endpoint":"endpoint1",
"trigger":"Manual",
"rulename":"rulename"
"rulename":"rulename",
"is_src_registry":false,
"dest_namespace":"rule1-namespace",
"trigger_type":"event_based",
"cron":"",
"deletion":true,
"enabled":true,
"override":true,
"name_filters":"namefilter1",
"tag_filters":"tagfilter1"
},
{
"project":"library",
"endpoint":"endpoint1",
"endpoint":"endpoint2",
"trigger":"Manual",
"rulename":"rulelibrary"
}
],
"configuration":{
"rulename":"rulelibrary",
"endpoint_type":"harbor",
"is_src_registry":true,
"dest_namespace":"rule2-namespace",
"trigger_type":"scheduled",
"cron":"6 7 8 * * *",
"deletion":false,
"enabled":true,
"override":true,
"name_filters":"namefilter2",
"tag_filters":"tagfilter2"
}
],
"configuration":{
"authmode":"Database",
"projectcreation":"everyone",
"selfreg":false,
@ -68,6 +97,25 @@
"daily":0
}
},
"deployment_security":{
"cve":[
{
"id":"CVE-2019-12904"
},
{
"id":"CVE-2011-3389"
},
{
"id":"CVE-2018-12886"
},
{
"id":"CVE-2019-3844"
}
],
"never_expires":false,
"expires_at":"2572969600"
},
"webhooks_enabled":true,
"syslabel":[
{
"name":"label1"
@ -121,6 +169,10 @@
"role":3
}
],
"count_limit":1234,
"storage_limit":53687091200,
"storage_limit_for_verify":50,
"storage_unit_for_verify":"GB",
"replications":{
"rulename":"ruleproject1",
"endpointname":"endpoint1",
@ -143,12 +195,50 @@
"operation":"create"
}
],
"robot_account":[
{
"name":"robot0",
"access": [
{
"action": "pull"
},
{
"action": "push"
}
]
}
],
"webhook":{
"address":"https://1.1.1.1",
"skip_cert_verify":true,
"auth_header":"aaa",
"enabled":true
},
"configuration":{
"public":"true",
"enable_content_trust":"true",
"automatically_scan_images_on_push":"true",
"prevent_vulnerable_images_from_running":"true",
"prevent_vlunerable_images_from_running_severity":"high"
"auto_scan":"true",
"prevent_vul":"true",
"severity":"high",
"reuse_sys_cve_whitelist":"false",
"deployment_security":{
"cve":[
{
"id":"CVE-2019-111"
},
{
"id":"CVE-2011-2222"
},
{
"id":"CVE-2018-33333"
},
{
"id":"CVE-2019-44444"
}
],
"never_expires":false,
"expires_at":"2572969600"
}
}
},
{
@ -182,6 +272,10 @@
"role":3
}
],
"count_limit":-1,
"storage_limit":32985348833280,
"storage_limit_for_verify":30,
"storage_unit_for_verify":"TB",
"replications":{
"rulename":"rulename1",
"endpointname":"endpoint1",
@ -204,12 +298,52 @@
"operation":"create"
}
],
"robot_account":[
{
"name":"robot1",
"access": [
{
"action": "pull"
},
{
"action": "push"
}
]
},
{
"name":"robot2",
"access": [
{
"action": "pull"
}
]
},
{
"name":"robot3",
"access": [
{
"action": "push"
}
]
}
],
"webhook":{
"address":"https://1.1.1.1",
"skip_cert_verify":true,
"auth_header":"aaa",
"enabled":true
},
"configuration":{
"public":"false",
"enable_content_trust":"false",
"automatically_scan_images_on_push":"false",
"prevent_vulnerable_images_from_running":"true",
"prevent_vlunerable_images_from_running_severity":"medium"
"auto_scan":"false",
"prevent_vul":"true",
"severity":"medium",
"reuse_sys_cve_whitelist":"true",
"deployment_security":{
"cve":[
]
}
}
}
]

View File

@ -0,0 +1,192 @@
{
"create_project":[
{
"branch":1,
"version":"1.4"
},
{
"branch":1,
"version":"1.6"
},
{
"branch":1,
"version":"1.7"
},
{
"branch":1,
"version":"1.8"
},
{
"branch":2,
"version":"1.9"
},
{
"branch":2,
"version":"1.10"
}
],
"add_member":[
{
"branch":1,
"version":"1.4"
},
{
"branch":2,
"version":"1.6"
},
{
"branch":2,
"version":"1.7"
},
{
"branch":2,
"version":"1.8"
},
{
"branch":2,
"version":"1.9"
},
{
"branch":2,
"version":"1.10"
}
],
"set_user_admin":[
{
"branch":1,
"version":"1.4"
},
{
"branch":2,
"version":"1.6"
},
{
"branch":2,
"version":"1.7"
},
{
"branch":2,
"version":"1.8"
},
{
"branch":2,
"version":"1.9"
},
{
"branch":2,
"version":"1.10"
}
],
"add_endpoint":[
{
"branch":1,
"version":"1.4"
},
{
"branch":1,
"version":"1.6"
},
{
"branch":1,
"version":"1.7"
},
{
"branch":2,
"version":"1.8"
},
{
"branch":2,
"version":"1.9"
},
{
"branch":2,
"version":"1.10"
}
],
"add_replication_rule":[
{
"branch":1,
"version":"1.4"
},
{
"branch":1,
"version":"1.6"
},
{
"branch":1,
"version":"1.7"
},
{
"branch":2,
"version":"1.8"
},
{
"branch":2,
"version":"1.9"
},
{
"branch":2,
"version":"1.10"
}
],
"add_sys_whitelist":[
{
"branch":1,
"version":"1.9"
},
{
"branch":1,
"version":"1.10"
}
],
"update_project_setting_whitelist":[
{
"branch":1,
"version":"1.9"
},
{
"branch":1,
"version":"1.10"
}
],
"add_project_robot_account":[
{
"branch":1,
"version":"1.8"
},
{
"branch":1,
"version":"1.9"
},
{
"branch":1,
"version":"1.10"
}
],
"add_tag_retention_rule":[
{
"branch":1,
"version":"1.9"
},
{
"branch":1,
"version":"1.10"
}
],
"add_tag_immutability_rule":[
{
"branch":1,
"version":"1.10"
}
],
"add_webhook":[
{
"branch":1,
"version":"1.9"
},
{
"branch":1,
"version":"1.10"
}
]
}

View File

@ -1,8 +1,9 @@
import os
import sys
import json
import argparse
import requests
from functools import wraps
from requests.packages.urllib3.exceptions import InsecureRequestWarning
requests.packages.urllib3.disable_warnings(InsecureRequestWarning)
@ -15,9 +16,43 @@ url = "https://"+args.endpoint+"/api/"
endpoint_url = "https://"+args.endpoint
print url
with open("feature_map.json") as f:
feature_map = json.load(f)
def get_branch(func_name, version):
has_feature = False
for node in feature_map[func_name]:
has_feature = True
if node["version"] == version:
return node["branch"]
if has_feature is False:
return "No Restriction"
else:
return "Not Supported"
def get_feature_branch(func):
@wraps(func)
def inner_func(*args,**kwargs):
branch=get_branch(inner_func.__name__, kwargs.get("version"))
if branch == "No Restriction":
func(*args,**kwargs)
elif branch == "Not Supported":
print("Feature {} is not supported in version {}".format(inner_func.__name__, kwargs.get("version")))
else:
kwargs["branch"] = branch
func(*args,**kwargs)
return
return inner_func
class HarborAPI:
def create_project(self, project_name):
body=dict(body={"project_name": ""+project_name+"", "metadata": {"public": "true"}})
@get_feature_branch
def create_project(self, project, **kwargs):
if kwargs["branch"] == 1:
body=dict(body={"project_name": ""+project["name"]+"", "metadata": {"public": "true"}})
elif kwargs["branch"] == 2:
body=dict(body={"project_name": ""+project["name"]+"", "metadata": {"public": "true"},"count_limit":project["count_limit"],"storage_limit":project["storage_limit"]})
else:
raise Exception(r"Error: Feature {} has no branch {}.".format(sys._getframe().f_code.co_name, branch))
request(url+"projects", 'post', **body)
def create_user(self, username):
@ -25,65 +60,135 @@ class HarborAPI:
body=dict(body=payload)
request(url+"users", 'post', **body)
def set_user_admin(self, user):
@get_feature_branch
def set_user_admin(self, user, **kwargs):
r = request(url+"users?username="+user+"", 'get')
userid = str(r.json()[0]['user_id'])
if args.version == "1.6":
body=dict(body={"sysadmin_flag": True})
if kwargs["branch"] == 1:
body=dict(body={"has_admin_role": 1})
elif kwargs["branch"] == 2:
body=dict(body={"has_admin_role": True})
else:
body=dict(body={"sysadmin_flag": 1})
raise Exception(r"Error: Feature {} has no branch {}.".format(sys._getframe().f_code.co_name, branch))
request(url+"users/"+userid+"/sysadmin", 'put', **body)
def add_member(self, project, user, role):
@get_feature_branch
def add_member(self, project, user, role, **kwargs):
r = request(url+"projects?name="+project+"", 'get')
projectid = str(r.json()[0]['project_id'])
if args.version == "1.6":
if kwargs["branch"] == 1:
payload = {"roles": [role], "username":""+user+""}
elif kwargs["branch"] == 2:
payload = {"member_user":{ "username": ""+user+""},"role_id": role}
else:
payload = {"roles": [role], "username":""+user+""}
raise Exception(r"Error: Feature {} has no branch {}.".format(sys._getframe().f_code.co_name, branch))
body=dict(body=payload)
request(url+"projects/"+projectid+"/members", 'post', **body)
def add_endpoint(self, endpointurl, endpointname, username, password, insecure):
payload = {
"credential":{
"access_key":""+username+"",
"access_secret":""+password+"",
"type":"basic"
},
"insecure":insecure,
"name":""+endpointname+"",
"type":"harbor",
"url":""+endpoint_url+""
}
body=dict(body=payload)
print body
request(url+"/registries", 'post', **body)
@get_feature_branch
def add_endpoint(self, endpointurl, endpointname, username, password, insecure, registry_type, **kwargs):
if kwargs["branch"] == 1:
payload = {"endpoint": ""+endpointurl+"", "name": ""+endpointname+"", "username": ""+username+"", "password": ""+password+"", "insecure": insecure}
body=dict(body=payload)
request(url+"targets", 'post', **body)
elif kwargs["branch"] == 2:
if registry_type == "harbor":
endpointurl = endpoint_url
payload = {
"credential":{
"access_key":""+username+"",
"access_secret":""+password+"",
"type":"basic"
},
"insecure":insecure,
"name":""+endpointname+"",
"type":""+registry_type+"",
"url":""+endpointurl+""
}
body=dict(body=payload)
print body
request(url+"/registries", 'post', **body)
else:
raise Exception(r"Error: Feature {} has no branch {}.".format(sys._getframe().f_code.co_name, branch))
def add_replication_rule(self, project, target, trigger, rulename):
r = request(url+"registries?name="+target+"", 'get')
targetid = r.json()[0]['id']
payload = {"name": ""+rulename+"", "deletion": False, "enabled": True, "description": "string", "dest_registry": {"id": targetid},"trigger": {"type": "manual"}}
body=dict(body=payload)
request(url+"replication/policies", 'post', **body)
@get_feature_branch
def add_replication_rule(self, replicationrule, **kwargs):
if kwargs["branch"] == 1:
r = request(url+"projects?name="+replicationrule["project"]+"", 'get')
projectid = r.json()[0]['project_id']
r = request(url+"targets?name="+replicationrule["endpoint"]+"", 'get')
targetid = r.json()[0]['id']
payload = {"name": ""+replicationrule["rulename"]+"", "description": "string", "projects": [{"project_id": projectid,}], "targets": [{"id": targetid,}], "trigger": {"kind": ""+replicationrule["trigger"]+"", "schedule_param": {"type": "weekly", "weekday": 1, "offtime": 0}}}
body=dict(body=payload)
request(url+"policies/replication", 'post', **body)
elif kwargs["branch"] == 2:
r = request(url+"registries?name="+replicationrule["endpoint"]+"", 'get')
targetid = r.json()[0]['id']
if replicationrule["is_src_registry"] is True:
registry = r'"src_registry": { "id": '+str(targetid)+r'},'
else:
registry = r'"dest_registry": { "id": '+str(targetid)+r'},'
def update_project_setting(self, project, public, contenttrust, preventrunning, preventseverity, scanonpush):
body=dict(body=json.loads(r'{"name":"'+replicationrule["rulename"].encode('utf-8')+r'","dest_namespace":"'+replicationrule["dest_namespace"].encode('utf-8')+r'","deletion": '+str(replicationrule["deletion"]).lower()+r',"enabled": '+str(replicationrule["enabled"]).lower()+r',"override": '+str(replicationrule["override"]).lower()+r',"description": "string",'+ registry + r'"trigger":{"type": "'+replicationrule["trigger_type"]+r'", "trigger_settings":{"cron":"'+replicationrule["cron"]+r'"}},"filters":[ {"type":"name","value":"'+replicationrule["name_filters"]+r'"},{"type":"tag","value":"'+replicationrule["tag_filters"]+r'"}]}'))
print body
request(url+"replication/policies", 'post', **body)
else:
raise Exception(r"Error: Feature {} has no branch {}.".format(sys._getframe().f_code.co_name, branch))
#@get_feature_branch
def update_project_setting_metadata(self, project, public, contenttrust, preventrunning, preventseverity, scanonpush):
r = request(url+"projects?name="+project+"", 'get')
projectid = str(r.json()[0]['project_id'])
payload = {
"project_name": ""+project+"",
"metadata": {
"public": public,
"enable_content_trust": contenttrust,
"prevent_vulnerable_images_from_running": preventrunning,
"prevent_vulnerable_images_from_running_severity": preventseverity,
"automatically_scan_images_on_push": scanonpush
"prevent_vul": preventrunning,
"severity": preventseverity,
"auto_scan": scanonpush
}
}
body=dict(body=payload)
print body
request(url+"projects/"+projectid+"", 'put', **body)
@get_feature_branch
def add_sys_whitelist(self, cve_id_list, **kwargs):
cve_id_str = ""
if kwargs["branch"] == 1:
for index, cve_id in enumerate(cve_id_list["cve"]):
cve_id_str = cve_id_str + '{"cve_id":"' +cve_id["id"] + '"}'
if index != len(cve_id_list["cve"]) - 1:
cve_id_str = cve_id_str + ","
body=dict(body=json.loads(r'{"items":['+cve_id_str.encode('utf-8')+r'],"expires_at":'+cve_id_list["expires_at"]+'}'))
request(url+"system/CVEWhitelist", 'put', **body)
else:
raise Exception(r"Error: Feature {} has no branch {}.".format(sys._getframe().f_code.co_name, branch))
@get_feature_branch
def update_project_setting_whitelist(self, project, reuse_sys_cve_whitelist, cve_id_list, **kwargs):
r = request(url+"projects?name="+project+"", 'get')
projectid = str(r.json()[0]['project_id'])
cve_id_str = ""
if kwargs["branch"] == 1:
for index, cve_id in enumerate(cve_id_list["cve"]):
cve_id_str = cve_id_str + '{"cve_id":"' +cve_id["id"] + '"}'
if index != len(cve_id_list["cve"]) - 1:
cve_id_str = cve_id_str + ","
print cve_id_str
if reuse_sys_cve_whitelist == "true":
payload = r'{"metadata":{"reuse_sys_cve_whitelist":"true"}}'
else:
payload = r'{"metadata":{"reuse_sys_cve_whitelist":"false"},"cve_whitelist":{"project_id":'+projectid+',"items":['+cve_id_str.encode('utf-8')+r'],"expires_at":'+cve_id_list["expires_at"]+'}}'
print payload
body=dict(body=json.loads(payload))
request(url+"projects/"+projectid+"", 'put', **body)
else:
raise Exception(r"Error: Feature {} has no branch {}.".format(sys._getframe().f_code.co_name, branch))
def update_systemsetting(self, emailfrom, emailhost, emailport, emailuser, creation, selfreg, token):
payload = {
"auth_mode": "db_auth",
@ -108,6 +213,78 @@ class HarborAPI:
body=dict(body=payload)
request(url+"configurations", 'put', **body)
@get_feature_branch
def add_project_robot_account(self, project, robot_account, **kwargs):
r = request(url+"projects?name="+project+"", 'get')
projectid = str(r.json()[0]['project_id'])
if kwargs["branch"] == 1:
if len(robot_account["access"]) == 1:
robot_account_ac = robot_account["access"][0]
payload = {
"name": robot_account["name"],
"access": [
{
"resource": "/project/"+projectid+"/repository",
"action": robot_account_ac["action"]
}
]
}
elif len(robot_account["access"]) == 2:
payload = {
"name": robot_account["name"],
"access": [
{
"resource": "/project/"+projectid+"/repository",
"action": "pull"
},
{
"resource": "/project/"+projectid+"/repository",
"action": "push"
}
]
}
else:
raise Exception(r"Error: Robot account count {} is not legal!".format(len(robot_account["access"])))
else:
raise Exception(r"Error: Feature {} has no branch {}.".format(sys._getframe().f_code.co_name, branch))
print payload
body=dict(body=payload)
request(url+"projects/"+projectid+"/robots", 'post', **body)
@get_feature_branch
def add_tag_retention_rule(self, project, robot_account, **kwargs):
return
@get_feature_branch
def add_webhook(self, webhook, **kwargs):
if kwargs["branch"] == 1:
payload = {
"targets":[
{
"type":"http",
"address":webhook["address"],
"skip_cert_verify":webhook["skip_cert_verify"],
"auth_header":webhook["auth_header"]
}
],
"event_types":[
"downloadChart",
"deleteChart",
"uploadChart",
"deleteImage",
"pullImage",
"pushImage",
"scanningFailed",
"scanningCompleted"
],
"enabled":+webhook["enabled"]
}
body=dict(body=payload)
request(url+"system/CVEWhitelist", 'put', **body)
else:
raise Exception(r"Error: Feature {} has no branch {}.".format(sys._getframe().f_code.co_name, kwargs["branch"]))
def update_repoinfo(self, reponame):
payload = {"description": "testdescription"}
body=dict(body=payload)
@ -125,6 +302,7 @@ class HarborAPI:
try:
os.makedirs(ca_path)
except Exception, e:
print str(e)
pass
open(target, 'wb').write(ca_content)
@ -155,7 +333,7 @@ def pull_image(*image):
def push_image(image, project):
os.system("docker tag "+image+" "+args.endpoint+"/"+project+"/"+image)
os.system("docker login "+args.endpoint+" -u Admin"+" -p Harbor12345")
os.system("docker login "+args.endpoint+" -u admin"+" -p Harbor12345")
os.system("docker push "+args.endpoint+"/"+project+"/"+image)
def push_signed_image(image, project, tag):
@ -169,30 +347,39 @@ def do_data_creation():
harborAPI.create_user(user["name"])
for user in data["admin"]:
harborAPI.set_user_admin(user["name"])
harborAPI.set_user_admin(user["name"], version=args.version)
for project in data["projects"]:
harborAPI.create_project(project["name"])
harborAPI.create_project(project, version=args.version)
for member in project["member"]:
harborAPI.add_member(project["name"], member["name"], member["role"])
harborAPI.add_member(project["name"], member["name"], member["role"], version=args.version)
for robot_account in project["robot_account"]:
harborAPI.add_project_robot_account(project["name"], robot_account, version=args.version)
harborAPI.add_webhook(project["webhook"], version=args.version)
pull_image("busybox", "redis", "haproxy", "alpine", "httpd:2")
push_image("busybox", data["projects"][0]["name"])
push_signed_image("alpine", data["projects"][0]["name"], "latest")
for endpoint in data["endpoint"]:
harborAPI.add_endpoint(endpoint["url"], endpoint["name"], endpoint["user"], endpoint["pass"], True)
harborAPI.add_endpoint(endpoint["url"], endpoint["name"], endpoint["user"], endpoint["pass"], endpoint["insecure"], endpoint["type"], version=args.version)
for replicationrule in data["replicationrule"]:
harborAPI.add_replication_rule(replicationrule["project"],
replicationrule["endpoint"], replicationrule["trigger"],
replicationrule["rulename"])
harborAPI.add_replication_rule(replicationrule, version=args.version)
for project in data["projects"]:
harborAPI.update_project_setting(project["name"],
harborAPI.update_project_setting_metadata(project["name"],
project["configuration"]["public"],
project["configuration"]["enable_content_trust"],
project["configuration"]["prevent_vulnerable_images_from_running"],
project["configuration"]["prevent_vlunerable_images_from_running_severity"],
project["configuration"]["automatically_scan_images_on_push"])
project["configuration"]["prevent_vul"],
project["configuration"]["severity"],
project["configuration"]["auto_scan"])
for project in data["projects"]:
harborAPI.update_project_setting_whitelist(project["name"],
project["configuration"]["reuse_sys_cve_whitelist"],
project["configuration"]["deployment_security"],version=args.version)
harborAPI.update_systemsetting(data["configuration"]["emailsetting"]["emailfrom"],
data["configuration"]["emailsetting"]["emailserver"],
float(data["configuration"]["emailsetting"]["emailport"]),
@ -200,4 +387,7 @@ def do_data_creation():
data["configuration"]["projectcreation"],
data["configuration"]["selfreg"],
float(data["configuration"]["token"]))
harborAPI.add_sys_whitelist(data["configuration"]["deployment_security"],version=args.version)
do_data_creation()

View File

@ -1,193 +0,0 @@
import os
import json
import argparse
import requests
from requests.packages.urllib3.exceptions import InsecureRequestWarning
requests.packages.urllib3.disable_warnings(InsecureRequestWarning)
parser = argparse.ArgumentParser(description='The script to generate data for harbor v1.4.0')
parser.add_argument('--endpoint', '-e', dest='endpoint', required=True, help='The endpoint to harbor')
parser.add_argument('--version', '-v', dest='version', required=False, help='The version to harbor')
args = parser.parse_args()
url = "https://"+args.endpoint+"/api/"
print url
class HarborAPI:
def create_project(self, project_name):
body=dict(body={"project_name": ""+project_name+"", "metadata": {"public": "true"}})
request(url+"projects", 'post', **body)
def create_user(self, username):
payload = {"username":username, "email":username+"@vmware.com", "password":"Harbor12345", "realname":username, "comment":"string"}
body=dict(body=payload)
request(url+"users", 'post', **body)
def set_user_admin(self, user):
r = request(url+"users?username="+user+"", 'get')
userid = str(r.json()[0]['user_id'])
if args.version == "1.6":
body=dict(body={"sysadmin_flag": True})
else:
body=dict(body={"sysadmin_flag": 1})
request(url+"users/"+userid+"/sysadmin", 'put', **body)
def add_member(self, project, user, role):
r = request(url+"projects?name="+project+"", 'get')
projectid = str(r.json()[0]['project_id'])
if args.version == "1.6":
payload = {"member_user":{ "username": ""+user+""},"role_id": role}
else:
payload = {"roles": [role], "username":""+user+""}
body=dict(body=payload)
request(url+"projects/"+projectid+"/members", 'post', **body)
def add_endpoint(self, endpointurl, endpointname, username, password, insecure):
payload = {"endpoint": ""+endpointurl+"", "name": ""+endpointname+"", "username": ""+username+"", "password": ""+password+"", "insecure": insecure}
body=dict(body=payload)
request(url+"targets", 'post', **body)
def add_replication_rule(self, project, target, trigger, rulename):
r = request(url+"projects?name="+project+"", 'get')
projectid = r.json()[0]['project_id']
r = request(url+"targets?name="+target+"", 'get')
targetid = r.json()[0]['id']
payload = {"name": ""+rulename+"", "description": "string", "projects": [{"project_id": projectid,}], "targets": [{"id": targetid,}], "trigger": {"kind": ""+trigger+"", "schedule_param": {"type": "weekly", "weekday": 1, "offtime": 0}}}
body=dict(body=payload)
request(url+"policies/replication", 'post', **body)
def update_project_setting(self, project, public, contenttrust, preventrunning, preventseverity, scanonpush):
r = request(url+"projects?name="+project+"", 'get')
projectid = str(r.json()[0]['project_id'])
payload = {
"metadata": {
"public": public,
"enable_content_trust": contenttrust,
"prevent_vul": preventrunning,
"severity": preventseverity,
"auto_scan": scanonpush
}
}
body=dict(body=payload)
request(url+"projects/"+projectid+"", 'put', **body)
def update_systemsetting(self, emailfrom, emailhost, emailport, emailuser, creation, selfreg, token):
payload = {
"auth_mode": "db_auth",
"email_from": emailfrom,
"email_host": emailhost,
"email_port": emailport,
"email_identity": "string",
"email_username": emailuser,
"email_ssl": True,
"email_insecure": True,
"project_creation_restriction": creation,
"read_only": False,
"self_registration": selfreg,
"token_expiration": token,
"scan_all_policy": {
"type": "none",
"parameter": {
"daily_time": 0
}
}
}
body=dict(body=payload)
request(url+"configurations", 'put', **body)
def update_repoinfo(self, reponame):
payload = {"description": "testdescription"}
body=dict(body=payload)
request(url+"repositories/"+reponame+"", 'put', **body)
def get_ca(self, target='/harbor/ca/ca.crt'):
url = "https://" + args.endpoint + "/api/systeminfo/getcert"
resp = request(url, 'get')
try:
ca_content = json.loads(resp.text)
except ValueError:
ca_content = resp.text
ca_path = '/harbor/ca'
if not os.path.exists(ca_path):
try:
os.makedirs(ca_path)
except Exception, e:
pass
open(target, 'wb').write(ca_content)
def request(url, method, user = None, userp = None, **kwargs):
if user is None:
user = "admin"
if userp is None:
userp = "Harbor12345"
kwargs.setdefault('headers', kwargs.get('headers', {}))
kwargs['headers']['Accept'] = 'application/json'
if 'body' in kwargs:
kwargs['headers']['Content-Type'] = 'application/json'
kwargs['data'] = json.dumps(kwargs['body'])
del kwargs['body']
resp = requests.request(method, url, verify=False, auth=(user, userp), **kwargs)
if resp.status_code >= 400:
raise Exception("[Exception Message] - {}".format(resp.text))
return resp
with open("data.json") as f:
data = json.load(f)
def pull_image(*image):
for i in image:
os.system("docker pull "+i)
def push_image(image, project):
os.system("docker tag "+image+" "+args.endpoint+"/"+project+"/"+image)
os.system("docker login "+args.endpoint+" -u Admin"+" -p Harbor12345")
os.system("docker push "+args.endpoint+"/"+project+"/"+image)
def push_signed_image(image, project, tag):
os.system("./sign_image.sh" + " " + args.endpoint + " " + project + " " + image + " " + tag)
def do_data_creation():
harborAPI = HarborAPI()
harborAPI.get_ca()
for user in data["users"]:
harborAPI.create_user(user["name"])
for user in data["admin"]:
harborAPI.set_user_admin(user["name"])
for project in data["projects"]:
harborAPI.create_project(project["name"])
for member in project["member"]:
harborAPI.add_member(project["name"], member["name"], member["role"])
pull_image("busybox", "redis", "haproxy", "alpine", "httpd:2")
push_image("busybox", data["projects"][0]["name"])
push_signed_image("alpine", data["projects"][0]["name"], "latest")
for endpoint in data["endpoint"]:
harborAPI.add_endpoint(endpoint["url"], endpoint["name"], endpoint["user"], endpoint["pass"], False)
for replicationrule in data["replicationrule"]:
harborAPI.add_replication_rule(replicationrule["project"],
replicationrule["endpoint"], replicationrule["trigger"],
replicationrule["rulename"])
for project in data["projects"]:
harborAPI.update_project_setting(project["name"],
project["configuration"]["public"],
project["configuration"]["enable_content_trust"],
project["configuration"]["prevent_vulnerable_images_from_running"],
project["configuration"]["prevent_vlunerable_images_from_running_severity"],
project["configuration"]["automatically_scan_images_on_push"])
harborAPI.update_systemsetting(data["configuration"]["emailsetting"]["emailfrom"],
data["configuration"]["emailsetting"]["emailserver"],
float(data["configuration"]["emailsetting"]["emailport"]),
data["configuration"]["emailsetting"]["emailuser"],
data["configuration"]["projectcreation"],
data["configuration"]["selfreg"],
float(data["configuration"]["token"]))
do_data_creation()

View File

@ -9,13 +9,41 @@ ${HARBOR_ADMIN} admin
*** Test Cases ***
Test Case - Upgrade Verify
[Tags] 1.8-latest
${data}= Load Json From File ${CURDIR}${/}data.json
Log To Console "Verify User..."
Run Keyword Verify User ${data}
Log To Console "Verify Project..."
Run Keyword Verify Project ${data}
Log To Console "Verify Member Exist..."
Run Keyword Verify Member Exist ${data}
#Run Keyword Verify Robot Account Exist ${data}
Log To Console "Verify User System Admin Role..."
Run Keyword Verify User System Admin Role ${data}
Log To Console "Verify Endpoint..."
Run Keyword Verify Endpoint ${data}
Log To Console "Verify Replicationrule..."
Run Keyword Verify Replicationrule ${data}
Log To Console "Verify Project Setting..."
Run Keyword Verify Project Setting ${data}
Log To Console "Verify System Setting..."
Run Keyword Verify System Setting ${data}
Log To Console "Verify Image Tag..."
Run Keyword Verify Image Tag ${data}
Test Case - Upgrade Verify
[Tags] 1.9-latest
${data}= Load Json From File ${CURDIR}${/}data.json
Run Keyword Verify User ${data}
Run Keyword Verify Project ${data}
Run Keyword Verify Member Exist ${data}
#Run Keyword Verify Robot Account Exist ${data}
Run Keyword Verify Project-level Whitelist ${data}
#Run Keyword Verify Webhook ${data}
Run Keyword Verify User System Admin Role ${data}
Run Keyword Verify Endpoint ${data}
Run Keyword Verify Replicationrule ${data}
Run Keyword Verify Project Setting ${data}
Run Keyword Verify System Setting ${data}
#Run Keyword Verify System Setting Whitelist ${data}
Run Keyword Verify Image Tag ${data}