Upstream/harbor
1
0
Fork 0
mirror of https://github.com/goharbor/harbor.git synced 2024-12-18 22:57:38 +01:00
Code Issues Projects Releases Wiki Activity

Merge pull request #10345 from danfengliu/nightly-upgrade-refector-2

Browse Source 
Nightly upgrade test refector
This commit is contained in:
danfengliu 2019-12-26 17:56:17 +08:00 committed by GitHub
commit 0db8b9cc95
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23
8 changed files with 651 additions and 267 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

5
tests/resources/Harbor-Pages/Replication.robot
View File

@ -226,6 +226,11 @@ Select Rule And Replicate
Retry Element Click ${replication_exec_id} Retry Element Click ${replication_exec_id}
Retry Double Keywords When Error Retry Element Click xpath=${dialog_replicate} Retry Wait Until Page Not Contains Element xpath=${dialog_replicate} Retry Double Keywords When Error Retry Element Click xpath=${dialog_replicate} Retry Wait Until Page Not Contains Element xpath=${dialog_replicate}
Select Rule And Click Edit Button
[Arguments] ${rule_name}
Retry Element Click //clr-dg-row[contains(.,'${rule_name}')]//clr-radio-wrapper/label
Retry Element Click ${edit_replication_rule_id}
Delete Replication Rule Delete Replication Rule
[Arguments] ${name} [Arguments] ${name}
Retry Element Click ${endpoint_filter_search} Retry Element Click ${endpoint_filter_search}

48
tests/resources/Harbor-Pages/Verify.robot
View File

@ -26,7 +26,7 @@ Verify Project
Init Chrome Driver Init Chrome Driver
Sign In Harbor ${HARBOR_URL} ${HARBOR_ADMIN} ${HARBOR_PASSWORD} Sign In Harbor ${HARBOR_URL} ${HARBOR_ADMIN} ${HARBOR_PASSWORD}
:FOR ${project} IN @{project} :FOR ${project} IN @{project}
\ Page Should Contain ${project} \ Retry Wait Until Page Contains ${project}
Verify Project Metadata ${json} Verify Project Metadata ${json}
Close Browser Close Browser
@ -56,10 +56,10 @@ Verify Project Metadata
\ Switch To Project Configuration \ Switch To Project Configuration
\ Verify Checkbox ${json} $.projects[?(@.name=${project})].configuration.public ${project_config_public_checkbox} \ Verify Checkbox ${json} $.projects[?(@.name=${project})].configuration.public ${project_config_public_checkbox}
\ Verify Checkbox ${json} $.projects[?(@.name=${project})].configuration.enable_content_trust ${project_config_content_trust_checkbox} \ Verify Checkbox ${json} $.projects[?(@.name=${project})].configuration.enable_content_trust ${project_config_content_trust_checkbox}
\ Verify Checkbox ${json} $.projects[?(@.name=${project})].configuration.automatically_scan_images_on_push ${project_config_scan_images_on_push_checkbox} \ Verify Checkbox ${json} $.projects[?(@.name=${project})].configuration.auto_scan ${project_config_scan_images_on_push_checkbox}
\ Verify Checkbox ${json} $.projects[?(@.name=${project})].configuration.prevent_vulnerable_images_from_running ${project_config_prevent_vulnerable_images_from_running_checkbox} \ Verify Checkbox ${json} $.projects[?(@.name=${project})].configuration.prevent_vul ${project_config_prevent_vulnerable_images_from_running_checkbox}
\ ${ret} Get Selected List Value ${project_config_severity_select} \ ${ret} Get Selected List Value ${project_config_severity_select}
\ @{severity}= Get Value From Json ${json} $.projects[?(@.name=${project})].configuration.prevent_vlunerable_images_from_running_severity \ @{severity}= Get Value From Json ${json} $.projects[?(@.name=${project})].configuration.severity
\ Should Contain ${ret} @{severity}[0] \ Should Contain ${ret} @{severity}[0]
\ Navigate To Projects \ Navigate To Projects
Close Browser Close Browser
@ -145,12 +145,40 @@ Verify Endpoint
Verify Replicationrule Verify Replicationrule
[Arguments] ${json} [Arguments] ${json}
@{replicationrule}= Get Value From Json ${json} $.replicationrule..name @{replicationrules}= Get Value From Json ${json} $.replicationrule.[*].rulename
Init Chrome Driver @{endpoints}= Get Value From Json ${json} $.endpoint.[*].name
Sign In Harbor ${HARBOR_URL} ${HARBOR_ADMIN} ${HARBOR_PASSWORD} : FOR ${replicationrule} IN @{replicationrules}
Switch To Replication Manage \ Init Chrome Driver
:For ${replicationrule} IN @{replicationrule} \ Log To Console -----replicationrule-----"${replicationrule}"------------
\ Page Should Contain ${replicationrule} \ Sign In Harbor ${HARBOR_URL} ${HARBOR_ADMIN} ${HARBOR_PASSWORD}
\ Switch To Replication Manage
\ Select Rule And Click Edit Button ${replicationrule}
\ @{is_src_registry}= Get Value From Json ${json} $.replicationrule[?(@.rulename=${replicationrule})].is_src_registry
\ @{trigger_type}= Get Value From Json ${json} $.replicationrule[?(@.rulename=${replicationrule})].trigger_type
\ @{name_filters}= Get Value From Json ${json} $.replicationrule[?(@.rulename=${replicationrule})].name_filters
\ @{tag_filters}= Get Value From Json ${json} $.replicationrule[?(@.rulename=${replicationrule})].tag_filters
\ @{dest_namespace}= Get Value From Json ${json} $.replicationrule[?(@.rulename=${replicationrule})].dest_namespace
\ @{cron}= Get Value From Json ${json} $.replicationrule[?(@.rulename=${replicationrule})].cron
\ @{is_src_registry}= Get Value From Json ${json} $.replicationrule[?(@.rulename=${replicationrule})].is_src_registry
\ Log To Console -----is_src_registry-----@{is_src_registry}[0]------------
\ @{endpoint}= Get Value From Json ${json} $.replicationrule[?(@.rulename=${replicationrule})].endpoint
\ Log To Console -----endpoint-----@{endpoint}------------
\ ${endpoint0}= Set Variable @{endpoint}[0]
\ Log To Console -----endpoint0-----${endpoint0}------------
\ @{endpoint_type}= Get Value From Json ${json} $.endpoint[?(@.name=${endpoint0})].type
\ Retry Textfield Value Should Be ${source_project} @{name_filters}[0]
\ Retry Textfield Value Should Be ${filter_tag} @{tag_filters}[0]
\ Retry Textfield Value Should Be ${rule_name_input} ${replicationrule}
\ Retry Textfield Value Should Be ${dest_namespace_xpath} @{dest_namespace}[0]
\ Log To Console -----endpoint_type-----@{endpoint_type}[0]------------
\ ${registry}= Set Variable If "@{endpoint_type}[0]"=="harbor" ${endpoint0}-https://${IP} ${endpoint0}-https://hub.docker.com
\ Log To Console -------registry---${registry}------------
\ Run Keyword If '@{is_src_registry}[0]' == '${true}' Retry List Selection Should Be ${src_registry_dropdown_list} ${registry}
\ ... ELSE Retry List Selection Should Be ${dest_registry_dropdown_list} ${registry}
\ #\ Retry List Selection Should Be ${rule_resource_selector} ${resource_type}
\ Retry List Selection Should Be ${rule_trigger_select} @{trigger_type}[0]
\ Run Keyword If '@{trigger_type}[0]' == 'scheduled' Log To Console ----------@{trigger_type}[0]------------
\ Run Keyword If '@{trigger_type}[0]' == 'scheduled' Retry Textfield Value Should Be ${targetCron_id} @{cron}[0]
Close Browser Close Browser
Verify Project Setting Verify Project Setting

2
tests/resources/Util.robot
View File

@ -226,7 +226,7 @@ Command Should be Failed
Retry Keyword When Error Retry Keyword When Error
[Arguments] ${keyword} @{elements} [Arguments] ${keyword} @{elements}
:For ${n} IN RANGE 1 6 :For ${n} IN RANGE 1 6
\ Log To Console Trying ${keyword} ${n} times ... \ Log To Console Trying ${keyword} elements @{elements} ${n} times ...
\ ${out} Run Keyword And Ignore Error ${keyword} @{elements} \ ${out} Run Keyword And Ignore Error ${keyword} @{elements}
\ Log To Console Return value is ${out[0]} \ Log To Console Return value is ${out[0]}
\ Exit For Loop If '${out[0]}'=='PASS' \ Exit For Loop If '${out[0]}'=='PASS'

162
tests/robot-cases/Group3-Upgrade/data.json
View File

@ -31,24 +31,53 @@
"url":"http://url", "url":"http://url",
"name":"endpoint1", "name":"endpoint1",
"user":"admin", "user":"admin",
"pass":"Harbor12345" "pass":"Harbor12345",
} "insecure":true,
"type":"harbor"
},
{
"url":"https://hub.docker.com",
"name":"endpoint2",
"user":"",
"pass":"",
"insecure":false,
"type":"docker-hub"
}
], ],
"replicationrule":[ "replicationrule":[
{ {
"project":"project1", "project":"project1",
"endpoint":"endpoint1", "endpoint":"endpoint1",
"trigger":"Manual", "trigger":"Manual",
"rulename":"rulename" "rulename":"rulename",
"is_src_registry":false,
"dest_namespace":"rule1-namespace",
"trigger_type":"event_based",
"cron":"",
"deletion":true,
"enabled":true,
"override":true,
"name_filters":"namefilter1",
"tag_filters":"tagfilter1"
}, },
{ {
"project":"library", "project":"library",
"endpoint":"endpoint1", "endpoint":"endpoint2",
"trigger":"Manual", "trigger":"Manual",
"rulename":"rulelibrary" "rulename":"rulelibrary",
} "endpoint_type":"harbor",
], "is_src_registry":true,
"configuration":{ "dest_namespace":"rule2-namespace",
"trigger_type":"scheduled",
"cron":"6 7 8 * * *",
"deletion":false,
"enabled":true,
"override":true,
"name_filters":"namefilter2",
"tag_filters":"tagfilter2"
}
],
"configuration":{
"authmode":"Database", "authmode":"Database",
"projectcreation":"everyone", "projectcreation":"everyone",
"selfreg":false, "selfreg":false,
@ -68,6 +97,25 @@
"daily":0 "daily":0
} }
}, },
"deployment_security":{
"cve":[
{
"id":"CVE-2019-12904"
},
{
"id":"CVE-2011-3389"
},
{
"id":"CVE-2018-12886"
},
{
"id":"CVE-2019-3844"
}
],
"never_expires":false,
"expires_at":"2572969600"
},
"webhooks_enabled":true,
"syslabel":[ "syslabel":[
{ {
"name":"label1" "name":"label1"
@ -121,6 +169,10 @@
"role":3 "role":3
} }
], ],
"count_limit":1234,
"storage_limit":53687091200,
"storage_limit_for_verify":50,
"storage_unit_for_verify":"GB",
"replications":{ "replications":{
"rulename":"ruleproject1", "rulename":"ruleproject1",
"endpointname":"endpoint1", "endpointname":"endpoint1",
@ -143,12 +195,50 @@
"operation":"create" "operation":"create"
} }
], ],
"robot_account":[
{
"name":"robot0",
"access": [
{
"action": "pull"
},
{
"action": "push"
}
]
}
],
"webhook":{
"address":"https://1.1.1.1",
"skip_cert_verify":true,
"auth_header":"aaa",
"enabled":true
},
"configuration":{ "configuration":{
"public":"true", "public":"true",
"enable_content_trust":"true", "enable_content_trust":"true",
"automatically_scan_images_on_push":"true", "auto_scan":"true",
"prevent_vulnerable_images_from_running":"true", "prevent_vul":"true",
"prevent_vlunerable_images_from_running_severity":"high" "severity":"high",
"reuse_sys_cve_whitelist":"false",
"deployment_security":{
"cve":[
{
"id":"CVE-2019-111"
},
{
"id":"CVE-2011-2222"
},
{
"id":"CVE-2018-33333"
},
{
"id":"CVE-2019-44444"
}
],
"never_expires":false,
"expires_at":"2572969600"
}
} }
}, },
{ {
@ -182,6 +272,10 @@
"role":3 "role":3
} }
], ],
"count_limit":-1,
"storage_limit":32985348833280,
"storage_limit_for_verify":30,
"storage_unit_for_verify":"TB",
"replications":{ "replications":{
"rulename":"rulename1", "rulename":"rulename1",
"endpointname":"endpoint1", "endpointname":"endpoint1",
@ -204,12 +298,52 @@
"operation":"create" "operation":"create"
} }
], ],
"robot_account":[
{
"name":"robot1",
"access": [
{
"action": "pull"
},
{
"action": "push"
}
]
},
{
"name":"robot2",
"access": [
{
"action": "pull"
}
]
},
{
"name":"robot3",
"access": [
{
"action": "push"
}
]
}
],
"webhook":{
"address":"https://1.1.1.1",
"skip_cert_verify":true,
"auth_header":"aaa",
"enabled":true
},
"configuration":{ "configuration":{
"public":"false", "public":"false",
"enable_content_trust":"false", "enable_content_trust":"false",
"automatically_scan_images_on_push":"false", "auto_scan":"false",
"prevent_vulnerable_images_from_running":"true", "prevent_vul":"true",
"prevent_vlunerable_images_from_running_severity":"medium" "severity":"medium",
"reuse_sys_cve_whitelist":"true",
"deployment_security":{
"cve":[
]
}
} }
} }
] ]

192
tests/robot-cases/Group3-Upgrade/feature_map.json Normal file
View File

@ -0,0 +1,192 @@
{
"create_project":[
{
"branch":1,
"version":"1.4"
},
{
"branch":1,
"version":"1.6"
},
{
"branch":1,
"version":"1.7"
},
{
"branch":1,
"version":"1.8"
},
{
"branch":2,
"version":"1.9"
},
{
"branch":2,
"version":"1.10"
}
],
"add_member":[
{
"branch":1,
"version":"1.4"
},
{
"branch":2,
"version":"1.6"
},
{
"branch":2,
"version":"1.7"
},
{
"branch":2,
"version":"1.8"
},
{
"branch":2,
"version":"1.9"
},
{
"branch":2,
"version":"1.10"
}
],
"set_user_admin":[
{
"branch":1,
"version":"1.4"
},
{
"branch":2,
"version":"1.6"
},
{
"branch":2,
"version":"1.7"
},
{
"branch":2,
"version":"1.8"
},
{
"branch":2,
"version":"1.9"
},
{
"branch":2,
"version":"1.10"
}
],
"add_endpoint":[
{
"branch":1,
"version":"1.4"
},
{
"branch":1,
"version":"1.6"
},
{
"branch":1,
"version":"1.7"
},
{
"branch":2,
"version":"1.8"
},
{
"branch":2,
"version":"1.9"
},
{
"branch":2,
"version":"1.10"
}
],
"add_replication_rule":[
{
"branch":1,
"version":"1.4"
},
{
"branch":1,
"version":"1.6"
},
{
"branch":1,
"version":"1.7"
},
{
"branch":2,
"version":"1.8"
},
{
"branch":2,
"version":"1.9"
},
{
"branch":2,
"version":"1.10"
}
],
"add_sys_whitelist":[
{
"branch":1,
"version":"1.9"
},
{
"branch":1,
"version":"1.10"
}
],
"update_project_setting_whitelist":[
{
"branch":1,
"version":"1.9"
},
{
"branch":1,
"version":"1.10"
}
],
"add_project_robot_account":[
{
"branch":1,
"version":"1.8"
},
{
"branch":1,
"version":"1.9"
},
{
"branch":1,
"version":"1.10"
}
],
"add_tag_retention_rule":[
{
"branch":1,
"version":"1.9"
},
{
"branch":1,
"version":"1.10"
}
],
"add_tag_immutability_rule":[
{
"branch":1,
"version":"1.10"
}
],
"add_webhook":[
{
"branch":1,
"version":"1.9"
},
{
"branch":1,
"version":"1.10"
}
]
}

288
tests/robot-cases/Group3-Upgrade/prepare.py
View File

@ -1,8 +1,9 @@
import os import os
import sys
import json import json
import argparse import argparse
import requests import requests
from functools import wraps
from requests.packages.urllib3.exceptions import InsecureRequestWarning from requests.packages.urllib3.exceptions import InsecureRequestWarning
requests.packages.urllib3.disable_warnings(InsecureRequestWarning) requests.packages.urllib3.disable_warnings(InsecureRequestWarning)
@ -15,9 +16,43 @@ url = "https://"+args.endpoint+"/api/"
endpoint_url = "https://"+args.endpoint endpoint_url = "https://"+args.endpoint
print url print url
with open("feature_map.json") as f:
feature_map = json.load(f)
def get_branch(func_name, version):
has_feature = False
for node in feature_map[func_name]:
has_feature = True
if node["version"] == version:
return node["branch"]
if has_feature is False:
return "No Restriction"
else:
return "Not Supported"
def get_feature_branch(func):
@wraps(func)
def inner_func(*args,**kwargs):
branch=get_branch(inner_func.__name__, kwargs.get("version"))
if branch == "No Restriction":
func(*args,**kwargs)
elif branch == "Not Supported":
print("Feature {} is not supported in version {}".format(inner_func.__name__, kwargs.get("version")))
else:
kwargs["branch"] = branch
func(*args,**kwargs)
return
return inner_func
class HarborAPI: class HarborAPI:
def create_project(self, project_name): @get_feature_branch
body=dict(body={"project_name": ""+project_name+"", "metadata": {"public": "true"}}) def create_project(self, project, **kwargs):
if kwargs["branch"] == 1:
body=dict(body={"project_name": ""+project["name"]+"", "metadata": {"public": "true"}})
elif kwargs["branch"] == 2:
body=dict(body={"project_name": ""+project["name"]+"", "metadata": {"public": "true"},"count_limit":project["count_limit"],"storage_limit":project["storage_limit"]})
else:
raise Exception(r"Error: Feature {} has no branch {}.".format(sys._getframe().f_code.co_name, branch))
request(url+"projects", 'post', **body) request(url+"projects", 'post', **body)
def create_user(self, username): def create_user(self, username):
@ -25,65 +60,135 @@ class HarborAPI:
body=dict(body=payload) body=dict(body=payload)
request(url+"users", 'post', **body) request(url+"users", 'post', **body)
def set_user_admin(self, user): @get_feature_branch
def set_user_admin(self, user, **kwargs):
r = request(url+"users?username="+user+"", 'get') r = request(url+"users?username="+user+"", 'get')
userid = str(r.json()[0]['user_id']) userid = str(r.json()[0]['user_id'])
if args.version == "1.6":
body=dict(body={"sysadmin_flag": True}) if kwargs["branch"] == 1:
body=dict(body={"has_admin_role": 1})
elif kwargs["branch"] == 2:
body=dict(body={"has_admin_role": True})
else: else:
body=dict(body={"sysadmin_flag": 1}) raise Exception(r"Error: Feature {} has no branch {}.".format(sys._getframe().f_code.co_name, branch))
request(url+"users/"+userid+"/sysadmin", 'put', **body) request(url+"users/"+userid+"/sysadmin", 'put', **body)
def add_member(self, project, user, role): @get_feature_branch
def add_member(self, project, user, role, **kwargs):
r = request(url+"projects?name="+project+"", 'get') r = request(url+"projects?name="+project+"", 'get')
projectid = str(r.json()[0]['project_id']) projectid = str(r.json()[0]['project_id'])
if args.version == "1.6":
if kwargs["branch"] == 1:
payload = {"roles": [role], "username":""+user+""}
elif kwargs["branch"] == 2:
payload = {"member_user":{ "username": ""+user+""},"role_id": role} payload = {"member_user":{ "username": ""+user+""},"role_id": role}
else: else:
payload = {"roles": [role], "username":""+user+""} raise Exception(r"Error: Feature {} has no branch {}.".format(sys._getframe().f_code.co_name, branch))
body=dict(body=payload) body=dict(body=payload)
request(url+"projects/"+projectid+"/members", 'post', **body) request(url+"projects/"+projectid+"/members", 'post', **body)
def add_endpoint(self, endpointurl, endpointname, username, password, insecure): @get_feature_branch
payload = { def add_endpoint(self, endpointurl, endpointname, username, password, insecure, registry_type, **kwargs):
"credential":{ if kwargs["branch"] == 1:
"access_key":""+username+"", payload = {"endpoint": ""+endpointurl+"", "name": ""+endpointname+"", "username": ""+username+"", "password": ""+password+"", "insecure": insecure}
"access_secret":""+password+"", body=dict(body=payload)
"type":"basic" request(url+"targets", 'post', **body)
}, elif kwargs["branch"] == 2:
"insecure":insecure, if registry_type == "harbor":
"name":""+endpointname+"", endpointurl = endpoint_url
"type":"harbor", payload = {
"url":""+endpoint_url+"" "credential":{
} "access_key":""+username+"",
body=dict(body=payload) "access_secret":""+password+"",
print body "type":"basic"
request(url+"/registries", 'post', **body) },
"insecure":insecure,
"name":""+endpointname+"",
"type":""+registry_type+"",
"url":""+endpointurl+""
}
body=dict(body=payload)
print body
request(url+"/registries", 'post', **body)
else:
raise Exception(r"Error: Feature {} has no branch {}.".format(sys._getframe().f_code.co_name, branch))
def add_replication_rule(self, project, target, trigger, rulename): @get_feature_branch
r = request(url+"registries?name="+target+"", 'get') def add_replication_rule(self, replicationrule, **kwargs):
targetid = r.json()[0]['id'] if kwargs["branch"] == 1:
payload = {"name": ""+rulename+"", "deletion": False, "enabled": True, "description": "string", "dest_registry": {"id": targetid},"trigger": {"type": "manual"}} r = request(url+"projects?name="+replicationrule["project"]+"", 'get')
body=dict(body=payload) projectid = r.json()[0]['project_id']
request(url+"replication/policies", 'post', **body) r = request(url+"targets?name="+replicationrule["endpoint"]+"", 'get')
targetid = r.json()[0]['id']
payload = {"name": ""+replicationrule["rulename"]+"", "description": "string", "projects": [{"project_id": projectid,}], "targets": [{"id": targetid,}], "trigger": {"kind": ""+replicationrule["trigger"]+"", "schedule_param": {"type": "weekly", "weekday": 1, "offtime": 0}}}
body=dict(body=payload)
request(url+"policies/replication", 'post', **body)
elif kwargs["branch"] == 2:
r = request(url+"registries?name="+replicationrule["endpoint"]+"", 'get')
targetid = r.json()[0]['id']
if replicationrule["is_src_registry"] is True:
registry = r'"src_registry": { "id": '+str(targetid)+r'},'
else:
registry = r'"dest_registry": { "id": '+str(targetid)+r'},'
def update_project_setting(self, project, public, contenttrust, preventrunning, preventseverity, scanonpush): body=dict(body=json.loads(r'{"name":"'+replicationrule["rulename"].encode('utf-8')+r'","dest_namespace":"'+replicationrule["dest_namespace"].encode('utf-8')+r'","deletion": '+str(replicationrule["deletion"]).lower()+r',"enabled": '+str(replicationrule["enabled"]).lower()+r',"override": '+str(replicationrule["override"]).lower()+r',"description": "string",'+ registry + r'"trigger":{"type": "'+replicationrule["trigger_type"]+r'", "trigger_settings":{"cron":"'+replicationrule["cron"]+r'"}},"filters":[ {"type":"name","value":"'+replicationrule["name_filters"]+r'"},{"type":"tag","value":"'+replicationrule["tag_filters"]+r'"}]}'))
print body
request(url+"replication/policies", 'post', **body)
else:
raise Exception(r"Error: Feature {} has no branch {}.".format(sys._getframe().f_code.co_name, branch))
#@get_feature_branch
def update_project_setting_metadata(self, project, public, contenttrust, preventrunning, preventseverity, scanonpush):
r = request(url+"projects?name="+project+"", 'get') r = request(url+"projects?name="+project+"", 'get')
projectid = str(r.json()[0]['project_id']) projectid = str(r.json()[0]['project_id'])
payload = { payload = {
"project_name": ""+project+"",
"metadata": { "metadata": {
"public": public, "public": public,
"enable_content_trust": contenttrust, "enable_content_trust": contenttrust,
"prevent_vulnerable_images_from_running": preventrunning, "prevent_vul": preventrunning,
"prevent_vulnerable_images_from_running_severity": preventseverity, "severity": preventseverity,
"automatically_scan_images_on_push": scanonpush "auto_scan": scanonpush
} }
} }
body=dict(body=payload) body=dict(body=payload)
print body
request(url+"projects/"+projectid+"", 'put', **body) request(url+"projects/"+projectid+"", 'put', **body)
@get_feature_branch
def add_sys_whitelist(self, cve_id_list, **kwargs):
cve_id_str = ""
if kwargs["branch"] == 1:
for index, cve_id in enumerate(cve_id_list["cve"]):
cve_id_str = cve_id_str + '{"cve_id":"' +cve_id["id"] + '"}'
if index != len(cve_id_list["cve"]) - 1:
cve_id_str = cve_id_str + ","
body=dict(body=json.loads(r'{"items":['+cve_id_str.encode('utf-8')+r'],"expires_at":'+cve_id_list["expires_at"]+'}'))
request(url+"system/CVEWhitelist", 'put', **body)
else:
raise Exception(r"Error: Feature {} has no branch {}.".format(sys._getframe().f_code.co_name, branch))
@get_feature_branch
def update_project_setting_whitelist(self, project, reuse_sys_cve_whitelist, cve_id_list, **kwargs):
r = request(url+"projects?name="+project+"", 'get')
projectid = str(r.json()[0]['project_id'])
cve_id_str = ""
if kwargs["branch"] == 1:
for index, cve_id in enumerate(cve_id_list["cve"]):
cve_id_str = cve_id_str + '{"cve_id":"' +cve_id["id"] + '"}'
if index != len(cve_id_list["cve"]) - 1:
cve_id_str = cve_id_str + ","
print cve_id_str
if reuse_sys_cve_whitelist == "true":
payload = r'{"metadata":{"reuse_sys_cve_whitelist":"true"}}'
else:
payload = r'{"metadata":{"reuse_sys_cve_whitelist":"false"},"cve_whitelist":{"project_id":'+projectid+',"items":['+cve_id_str.encode('utf-8')+r'],"expires_at":'+cve_id_list["expires_at"]+'}}'
print payload
body=dict(body=json.loads(payload))
request(url+"projects/"+projectid+"", 'put', **body)
else:
raise Exception(r"Error: Feature {} has no branch {}.".format(sys._getframe().f_code.co_name, branch))
def update_systemsetting(self, emailfrom, emailhost, emailport, emailuser, creation, selfreg, token): def update_systemsetting(self, emailfrom, emailhost, emailport, emailuser, creation, selfreg, token):
payload = { payload = {
"auth_mode": "db_auth", "auth_mode": "db_auth",
@ -108,6 +213,78 @@ class HarborAPI:
body=dict(body=payload) body=dict(body=payload)
request(url+"configurations", 'put', **body) request(url+"configurations", 'put', **body)
@get_feature_branch
def add_project_robot_account(self, project, robot_account, **kwargs):
r = request(url+"projects?name="+project+"", 'get')
projectid = str(r.json()[0]['project_id'])
if kwargs["branch"] == 1:
if len(robot_account["access"]) == 1:
robot_account_ac = robot_account["access"][0]
payload = {
"name": robot_account["name"],
"access": [
{
"resource": "/project/"+projectid+"/repository",
"action": robot_account_ac["action"]
}
]
}
elif len(robot_account["access"]) == 2:
payload = {
"name": robot_account["name"],
"access": [
{
"resource": "/project/"+projectid+"/repository",
"action": "pull"
},
{
"resource": "/project/"+projectid+"/repository",
"action": "push"
}
]
}
else:
raise Exception(r"Error: Robot account count {} is not legal!".format(len(robot_account["access"])))
else:
raise Exception(r"Error: Feature {} has no branch {}.".format(sys._getframe().f_code.co_name, branch))
print payload
body=dict(body=payload)
request(url+"projects/"+projectid+"/robots", 'post', **body)
@get_feature_branch
def add_tag_retention_rule(self, project, robot_account, **kwargs):
return
@get_feature_branch
def add_webhook(self, webhook, **kwargs):
if kwargs["branch"] == 1:
payload = {
"targets":[
{
"type":"http",
"address":webhook["address"],
"skip_cert_verify":webhook["skip_cert_verify"],
"auth_header":webhook["auth_header"]
}
],
"event_types":[
"downloadChart",
"deleteChart",
"uploadChart",
"deleteImage",
"pullImage",
"pushImage",
"scanningFailed",
"scanningCompleted"
],
"enabled":+webhook["enabled"]
}
body=dict(body=payload)
request(url+"system/CVEWhitelist", 'put', **body)
else:
raise Exception(r"Error: Feature {} has no branch {}.".format(sys._getframe().f_code.co_name, kwargs["branch"]))
def update_repoinfo(self, reponame): def update_repoinfo(self, reponame):
payload = {"description": "testdescription"} payload = {"description": "testdescription"}
body=dict(body=payload) body=dict(body=payload)
@ -125,6 +302,7 @@ class HarborAPI:
try: try:
os.makedirs(ca_path) os.makedirs(ca_path)
except Exception, e: except Exception, e:
print str(e)
pass pass
open(target, 'wb').write(ca_content) open(target, 'wb').write(ca_content)
@ -155,7 +333,7 @@ def pull_image(*image):
def push_image(image, project): def push_image(image, project):
os.system("docker tag "+image+" "+args.endpoint+"/"+project+"/"+image) os.system("docker tag "+image+" "+args.endpoint+"/"+project+"/"+image)
os.system("docker login "+args.endpoint+" -u Admin"+" -p Harbor12345") os.system("docker login "+args.endpoint+" -u admin"+" -p Harbor12345")
os.system("docker push "+args.endpoint+"/"+project+"/"+image) os.system("docker push "+args.endpoint+"/"+project+"/"+image)
def push_signed_image(image, project, tag): def push_signed_image(image, project, tag):
@ -169,30 +347,39 @@ def do_data_creation():
harborAPI.create_user(user["name"]) harborAPI.create_user(user["name"])
for user in data["admin"]: for user in data["admin"]:
harborAPI.set_user_admin(user["name"]) harborAPI.set_user_admin(user["name"], version=args.version)
for project in data["projects"]: for project in data["projects"]:
harborAPI.create_project(project["name"]) harborAPI.create_project(project, version=args.version)
for member in project["member"]: for member in project["member"]:
harborAPI.add_member(project["name"], member["name"], member["role"]) harborAPI.add_member(project["name"], member["name"], member["role"], version=args.version)
for robot_account in project["robot_account"]:
harborAPI.add_project_robot_account(project["name"], robot_account, version=args.version)
harborAPI.add_webhook(project["webhook"], version=args.version)
pull_image("busybox", "redis", "haproxy", "alpine", "httpd:2") pull_image("busybox", "redis", "haproxy", "alpine", "httpd:2")
push_image("busybox", data["projects"][0]["name"]) push_image("busybox", data["projects"][0]["name"])
push_signed_image("alpine", data["projects"][0]["name"], "latest") push_signed_image("alpine", data["projects"][0]["name"], "latest")
for endpoint in data["endpoint"]: for endpoint in data["endpoint"]:
harborAPI.add_endpoint(endpoint["url"], endpoint["name"], endpoint["user"], endpoint["pass"], True) harborAPI.add_endpoint(endpoint["url"], endpoint["name"], endpoint["user"], endpoint["pass"], endpoint["insecure"], endpoint["type"], version=args.version)
for replicationrule in data["replicationrule"]: for replicationrule in data["replicationrule"]:
harborAPI.add_replication_rule(replicationrule["project"], harborAPI.add_replication_rule(replicationrule, version=args.version)
replicationrule["endpoint"], replicationrule["trigger"],
replicationrule["rulename"])
for project in data["projects"]: for project in data["projects"]:
harborAPI.update_project_setting(project["name"], harborAPI.update_project_setting_metadata(project["name"],
project["configuration"]["public"], project["configuration"]["public"],
project["configuration"]["enable_content_trust"], project["configuration"]["enable_content_trust"],
project["configuration"]["prevent_vulnerable_images_from_running"], project["configuration"]["prevent_vul"],
project["configuration"]["prevent_vlunerable_images_from_running_severity"], project["configuration"]["severity"],
project["configuration"]["automatically_scan_images_on_push"]) project["configuration"]["auto_scan"])
for project in data["projects"]:
harborAPI.update_project_setting_whitelist(project["name"],
project["configuration"]["reuse_sys_cve_whitelist"],
project["configuration"]["deployment_security"],version=args.version)
harborAPI.update_systemsetting(data["configuration"]["emailsetting"]["emailfrom"], harborAPI.update_systemsetting(data["configuration"]["emailsetting"]["emailfrom"],
data["configuration"]["emailsetting"]["emailserver"], data["configuration"]["emailsetting"]["emailserver"],
float(data["configuration"]["emailsetting"]["emailport"]), float(data["configuration"]["emailsetting"]["emailport"]),
@ -200,4 +387,7 @@ def do_data_creation():
data["configuration"]["projectcreation"], data["configuration"]["projectcreation"],
data["configuration"]["selfreg"], data["configuration"]["selfreg"],
float(data["configuration"]["token"])) float(data["configuration"]["token"]))
harborAPI.add_sys_whitelist(data["configuration"]["deployment_security"],version=args.version)
do_data_creation() do_data_creation()

193
tests/robot-cases/Group3-Upgrade/prepare_v17.py
View File

@ -1,193 +0,0 @@
import os
import json
import argparse
import requests
from requests.packages.urllib3.exceptions import InsecureRequestWarning
requests.packages.urllib3.disable_warnings(InsecureRequestWarning)
parser = argparse.ArgumentParser(description='The script to generate data for harbor v1.4.0')
parser.add_argument('--endpoint', '-e', dest='endpoint', required=True, help='The endpoint to harbor')
parser.add_argument('--version', '-v', dest='version', required=False, help='The version to harbor')
args = parser.parse_args()
url = "https://"+args.endpoint+"/api/"
print url
class HarborAPI:
def create_project(self, project_name):
body=dict(body={"project_name": ""+project_name+"", "metadata": {"public": "true"}})
request(url+"projects", 'post', **body)
def create_user(self, username):
payload = {"username":username, "email":username+"@vmware.com", "password":"Harbor12345", "realname":username, "comment":"string"}
body=dict(body=payload)
request(url+"users", 'post', **body)
def set_user_admin(self, user):
r = request(url+"users?username="+user+"", 'get')
userid = str(r.json()[0]['user_id'])
if args.version == "1.6":
body=dict(body={"sysadmin_flag": True})
else:
body=dict(body={"sysadmin_flag": 1})
request(url+"users/"+userid+"/sysadmin", 'put', **body)
def add_member(self, project, user, role):
r = request(url+"projects?name="+project+"", 'get')
projectid = str(r.json()[0]['project_id'])
if args.version == "1.6":
payload = {"member_user":{ "username": ""+user+""},"role_id": role}
else:
payload = {"roles": [role], "username":""+user+""}
body=dict(body=payload)
request(url+"projects/"+projectid+"/members", 'post', **body)
def add_endpoint(self, endpointurl, endpointname, username, password, insecure):
payload = {"endpoint": ""+endpointurl+"", "name": ""+endpointname+"", "username": ""+username+"", "password": ""+password+"", "insecure": insecure}
body=dict(body=payload)
request(url+"targets", 'post', **body)
def add_replication_rule(self, project, target, trigger, rulename):
r = request(url+"projects?name="+project+"", 'get')
projectid = r.json()[0]['project_id']
r = request(url+"targets?name="+target+"", 'get')
targetid = r.json()[0]['id']
payload = {"name": ""+rulename+"", "description": "string", "projects": [{"project_id": projectid,}], "targets": [{"id": targetid,}], "trigger": {"kind": ""+trigger+"", "schedule_param": {"type": "weekly", "weekday": 1, "offtime": 0}}}
body=dict(body=payload)
request(url+"policies/replication", 'post', **body)
def update_project_setting(self, project, public, contenttrust, preventrunning, preventseverity, scanonpush):
r = request(url+"projects?name="+project+"", 'get')
projectid = str(r.json()[0]['project_id'])
payload = {
"metadata": {
"public": public,
"enable_content_trust": contenttrust,
"prevent_vul": preventrunning,
"severity": preventseverity,
"auto_scan": scanonpush
}
}
body=dict(body=payload)
request(url+"projects/"+projectid+"", 'put', **body)
def update_systemsetting(self, emailfrom, emailhost, emailport, emailuser, creation, selfreg, token):
payload = {
"auth_mode": "db_auth",
"email_from": emailfrom,
"email_host": emailhost,
"email_port": emailport,
"email_identity": "string",
"email_username": emailuser,
"email_ssl": True,
"email_insecure": True,
"project_creation_restriction": creation,
"read_only": False,
"self_registration": selfreg,
"token_expiration": token,
"scan_all_policy": {
"type": "none",
"parameter": {
"daily_time": 0
}
}
}
body=dict(body=payload)
request(url+"configurations", 'put', **body)
def update_repoinfo(self, reponame):
payload = {"description": "testdescription"}
body=dict(body=payload)
request(url+"repositories/"+reponame+"", 'put', **body)
def get_ca(self, target='/harbor/ca/ca.crt'):
url = "https://" + args.endpoint + "/api/systeminfo/getcert"
resp = request(url, 'get')
try:
ca_content = json.loads(resp.text)
except ValueError:
ca_content = resp.text
ca_path = '/harbor/ca'
if not os.path.exists(ca_path):
try:
os.makedirs(ca_path)
except Exception, e:
pass
open(target, 'wb').write(ca_content)
def request(url, method, user = None, userp = None, **kwargs):
if user is None:
user = "admin"
if userp is None:
userp = "Harbor12345"
kwargs.setdefault('headers', kwargs.get('headers', {}))
kwargs['headers']['Accept'] = 'application/json'
if 'body' in kwargs:
kwargs['headers']['Content-Type'] = 'application/json'
kwargs['data'] = json.dumps(kwargs['body'])
del kwargs['body']
resp = requests.request(method, url, verify=False, auth=(user, userp), **kwargs)
if resp.status_code >= 400:
raise Exception("[Exception Message] - {}".format(resp.text))
return resp
with open("data.json") as f:
data = json.load(f)
def pull_image(*image):
for i in image:
os.system("docker pull "+i)
def push_image(image, project):
os.system("docker tag "+image+" "+args.endpoint+"/"+project+"/"+image)
os.system("docker login "+args.endpoint+" -u Admin"+" -p Harbor12345")
os.system("docker push "+args.endpoint+"/"+project+"/"+image)
def push_signed_image(image, project, tag):
os.system("./sign_image.sh" + " " + args.endpoint + " " + project + " " + image + " " + tag)
def do_data_creation():
harborAPI = HarborAPI()
harborAPI.get_ca()
for user in data["users"]:
harborAPI.create_user(user["name"])
for user in data["admin"]:
harborAPI.set_user_admin(user["name"])
for project in data["projects"]:
harborAPI.create_project(project["name"])
for member in project["member"]:
harborAPI.add_member(project["name"], member["name"], member["role"])
pull_image("busybox", "redis", "haproxy", "alpine", "httpd:2")
push_image("busybox", data["projects"][0]["name"])
push_signed_image("alpine", data["projects"][0]["name"], "latest")
for endpoint in data["endpoint"]:
harborAPI.add_endpoint(endpoint["url"], endpoint["name"], endpoint["user"], endpoint["pass"], False)
for replicationrule in data["replicationrule"]:
harborAPI.add_replication_rule(replicationrule["project"],
replicationrule["endpoint"], replicationrule["trigger"],
replicationrule["rulename"])
for project in data["projects"]:
harborAPI.update_project_setting(project["name"],
project["configuration"]["public"],
project["configuration"]["enable_content_trust"],
project["configuration"]["prevent_vulnerable_images_from_running"],
project["configuration"]["prevent_vlunerable_images_from_running_severity"],
project["configuration"]["automatically_scan_images_on_push"])
harborAPI.update_systemsetting(data["configuration"]["emailsetting"]["emailfrom"],
data["configuration"]["emailsetting"]["emailserver"],
float(data["configuration"]["emailsetting"]["emailport"]),
data["configuration"]["emailsetting"]["emailuser"],
data["configuration"]["projectcreation"],
data["configuration"]["selfreg"],
float(data["configuration"]["token"]))
do_data_creation()

28
tests/robot-cases/Group3-Upgrade/verify.robot
View File

@ -9,13 +9,41 @@ ${HARBOR_ADMIN} admin
*** Test Cases *** *** Test Cases ***
Test Case - Upgrade Verify Test Case - Upgrade Verify
[Tags] 1.8-latest
${data}= Load Json From File ${CURDIR}${/}data.json
Log To Console "Verify User..."
Run Keyword Verify User ${data}
Log To Console "Verify Project..."
Run Keyword Verify Project ${data}
Log To Console "Verify Member Exist..."
Run Keyword Verify Member Exist ${data}
#Run Keyword Verify Robot Account Exist ${data}
Log To Console "Verify User System Admin Role..."
Run Keyword Verify User System Admin Role ${data}
Log To Console "Verify Endpoint..."
Run Keyword Verify Endpoint ${data}
Log To Console "Verify Replicationrule..."
Run Keyword Verify Replicationrule ${data}
Log To Console "Verify Project Setting..."
Run Keyword Verify Project Setting ${data}
Log To Console "Verify System Setting..."
Run Keyword Verify System Setting ${data}
Log To Console "Verify Image Tag..."
Run Keyword Verify Image Tag ${data}
Test Case - Upgrade Verify
[Tags] 1.9-latest
${data}= Load Json From File ${CURDIR}${/}data.json ${data}= Load Json From File ${CURDIR}${/}data.json
Run Keyword Verify User ${data} Run Keyword Verify User ${data}
Run Keyword Verify Project ${data} Run Keyword Verify Project ${data}
Run Keyword Verify Member Exist ${data} Run Keyword Verify Member Exist ${data}
#Run Keyword Verify Robot Account Exist ${data}
Run Keyword Verify Project-level Whitelist ${data}
#Run Keyword Verify Webhook ${data}
Run Keyword Verify User System Admin Role ${data} Run Keyword Verify User System Admin Role ${data}
Run Keyword Verify Endpoint ${data} Run Keyword Verify Endpoint ${data}
Run Keyword Verify Replicationrule ${data} Run Keyword Verify Replicationrule ${data}
Run Keyword Verify Project Setting ${data} Run Keyword Verify Project Setting ${data}
Run Keyword Verify System Setting ${data} Run Keyword Verify System Setting ${data}
#Run Keyword Verify System Setting Whitelist ${data}
Run Keyword Verify Image Tag ${data} Run Keyword Verify Image Tag ${data}