mirror of
https://github.com/goharbor/harbor.git
synced 2024-12-22 08:38:03 +01:00
Re-script ldap API script
1. Upgrade robotframework in the GitHub Actions workflow. 2. Re-script the LDAP API test script test_assign_role_to_ldap_group.py.
Signed-off-by: danfengliu <danfengl@vmware.com>
parent
2de10700d8
commit
3f5bd9ae0a
8
.github/workflows/CI.yml
vendored
8
.github/workflows/CI.yml
vendored
@ -233,6 +233,14 @@ jobs:
|
||||
IP=`hostname -I | awk '{print $1}'`
|
||||
echo '{"insecure-registries" : ["'$IP':5000"]}' | sudo tee /etc/docker/daemon.json
|
||||
echo "::set-env name=IP::$IP"
|
||||
python -V
|
||||
sudo apt-get update -y && sudo apt-get install -y zbar-tools libzbar-dev python-zbar
|
||||
sudo apt-get update -y
|
||||
sudo apt-get install -y python3.6
|
||||
sudo rm /usr/bin/python
|
||||
sudo ln -s /usr/bin/python3.6 /usr/bin/python
|
||||
sudo apt-get install -y python3-pip
|
||||
python -V
|
||||
- name: install
|
||||
run: |
|
||||
cd src/github.com/goharbor/harbor
|
||||
|
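Review bot: The added `sudo rm /usr/bin/python` followed by `sudo ln -s /usr/bin/python3.6 /usr/bin/python` repoints the runner's system interpreter for every later step, so anything on the image that still expects the distribution's `python` silently runs under 3.6. Selecting the interpreter with the `actions/setup-python` action and a pinned `python-version`, or calling `python3.6` explicitly in the steps that need it, keeps the change scoped to this job's own commands. If the symlink is kept, `sudo ln -sf /usr/bin/python3.6 /usr/bin/python` avoids the window in which no `python` exists. Separately, the `echo "::set-env name=IP::$IP"` line in the same step uses a workflow command GitHub has since disabled because log output could set environment variables; `echo "IP=$IP" >> "$GITHUB_ENV"` is the replacement. The `run:` block starts above this hunk.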
8
Makefile
8
Makefile
@ -551,14 +551,14 @@ down:
|
||||
|
||||
swagger_client:
|
||||
@echo "Generate swagger client"
|
||||
wget https://repo1.maven.org/maven2/io/swagger/swagger-codegen-cli/2.3.1/swagger-codegen-cli-2.3.1.jar -O swagger-codegen-cli.jar
|
||||
wget https://repo1.maven.org/maven2/org/openapitools/openapi-generator-cli/4.3.1/openapi-generator-cli-4.3.1.jar -O openapi-generator-cli.jar
|
||||
rm -rf harborclient
|
||||
mkdir -p harborclient/harbor_client
|
||||
mkdir -p harborclient/harbor_swagger_client
|
||||
mkdir -p harborclient/harbor_v2_swagger_client
|
||||
java -jar swagger-codegen-cli.jar generate -i api/swagger.yaml -l python -o harborclient/harbor_client -DpackageName=client
|
||||
java -jar swagger-codegen-cli.jar generate -i api/v2.0/legacy_swagger.yaml -l python -o harborclient/harbor_swagger_client -DpackageName=swagger_client
|
||||
java -jar swagger-codegen-cli.jar generate -i api/v2.0/swagger.yaml -l python -o harborclient/harbor_v2_swagger_client -DpackageName=v2_swagger_client
|
||||
java -jar openapi-generator-cli.jar generate -i api/swagger.yaml -g python -o harborclient/harbor_client --package-name client
|
||||
java -jar openapi-generator-cli.jar generate -i api/v2.0/legacy_swagger.yaml -g python -o harborclient/harbor_swagger_client --package-name swagger_client
|
||||
java -jar openapi-generator-cli.jar generate -i api/v2.0/swagger.yaml -g python -o harborclient/harbor_v2_swagger_client --package-name v2_swagger_client
|
||||
cd harborclient/harbor_client; python ./setup.py install
|
||||
cd harborclient/harbor_swagger_client; python ./setup.py install
|
||||
cd harborclient/harbor_v2_swagger_client; python ./setup.py install
|
||||
|
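Review bot: The `swagger_client` target downloads `openapi-generator-cli-4.3.1.jar` with `wget` and runs it with `java -jar` without checking what was downloaded, so the build trusts whatever the URL serves at that moment. The version is pinned in the URL, which helps, but I'd also commit the expected digest and verify it before the first `java -jar`, e.g. `echo "<EXPECTED_SHA256>  openapi-generator-cli.jar" | sha256sum -c -` (placeholder digest, to be filled in from the published artifact). The same pattern appears in the install-script hunk later on this page, where `get-pip.py` is fetched and run with `sudo python` and the packages after `robotframework==3.2.1` are installed unpinned with `--upgrade`. The generated clients are then installed with `python ./setup.py install`, so a tampered generator would end up in the test environment's site-packages.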
@ -91,7 +91,7 @@ class Artifact(base.Base, object):
|
||||
if (timeout_count == 0):
|
||||
break
|
||||
artifact = self.get_reference_info(project_name, repo_name, reference, **kwargs)
|
||||
scan_status = artifact[0].scan_overview['application/vnd.scanner.adapter.vuln.report.harbor+json; version=1.0']["scan_status"]
|
||||
scan_status = artifact[0].scan_overview['application/vnd.scanner.adapter.vuln.report.harbor+json; version=1.0'].scan_status
|
||||
if scan_status == expected_scan_status:
|
||||
return
|
||||
raise Exception("Scan image result is {}, not as expected {}.".format(scan_status, expected_scan_status))
|
||||
|
@ -11,6 +11,16 @@ def set_configurations(client, expect_status_code = 200, expect_response_body =
|
||||
conf.project_creation_restriction = config.get("project_creation_restriction")
|
||||
if "token_expiration" in config:
|
||||
conf.token_expiration = config.get("token_expiration")
|
||||
if "ldap_filter" in config:
|
||||
conf.ldap_filter = config.get("ldap_filter")
|
||||
if "ldap_group_attribute_name" in config:
|
||||
conf.ldap_group_attribute_name = config.get("ldap_group_attribute_name")
|
||||
if "ldap_group_base_dn" in config:
|
||||
conf.ldap_group_base_dn = config.get("ldap_group_base_dn")
|
||||
if "ldap_group_search_filter" in config:
|
||||
conf.ldap_group_search_filter = config.get("ldap_group_search_filter")
|
||||
if "ldap_group_search_scope" in config:
|
||||
conf.ldap_group_search_scope = config.get("ldap_group_search_scope")
|
||||
|
||||
try:
|
||||
_, status_code, _ = client.configurations_put_with_http_info(conf)
|
||||
@ -56,3 +66,11 @@ class Configurations(base.Base):
|
||||
|
||||
config=dict(token_expiration=token_expiration)
|
||||
set_configurations(client, expect_status_code = expect_status_code, **config)
|
||||
|
||||
def set_configurations_of_ldap(self, ldap_filter=None, ldap_group_attribute_name=None,
|
||||
ldap_group_base_dn=None, ldap_group_search_filter=None, ldap_group_search_scope=None, expect_status_code = 200, **kwargs):
|
||||
client = self._get_client(**kwargs)
|
||||
config=dict(ldap_filter=ldap_filter, ldap_group_attribute_name=ldap_group_attribute_name,
|
||||
ldap_group_base_dn=ldap_group_base_dn, ldap_group_search_filter=ldap_group_search_filter, ldap_group_search_scope=ldap_group_search_scope)
|
||||
set_configurations(client, expect_status_code = expect_status_code, **config)
|
||||
|
||||
|
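Review bot: `set_configurations_of_ldap` has no `ldap_group_admin_dn` parameter, yet the LDAP admin role test on this page calls it with `ldap_group_admin_dn=...`; the value lands in `**kwargs`, is handed to `self._get_client(**kwargs)` and never reaches `set_configurations`, so the admin-group setting that test depends on is not applied (how `_get_client` treats the extra key is not visible here). Add `ldap_group_admin_dn=None` to the signature and to the `config` dict, and handle it in `set_configurations` with `if "ldap_group_admin_dn" in config:` / `conf.ldap_group_admin_dn = config.get("ldap_group_admin_dn")`. Note also that `dict(ldap_filter=ldap_filter, ...)` always contains all five keys, so the `in config` checks are always true and omitted arguments are assigned as `None`; building the dict from the non-`None` arguments only would avoid that. `set_configurations` begins above the first hunk and continues below it.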
@ -4,6 +4,7 @@ import base
|
||||
import swagger_client
|
||||
import v2_swagger_client
|
||||
from v2_swagger_client.rest import ApiException
|
||||
from library.base import _assert_status_code
|
||||
|
||||
def is_member_exist_in_project(members, member_user_name, expected_member_role_id = None):
|
||||
result = False
|
||||
@ -188,12 +189,18 @@ class Project(base.Base):
|
||||
base._assert_status_code(expect_status_code, status_code)
|
||||
base._assert_status_code(200, status_code)
|
||||
|
||||
def add_project_members(self, project_id, user_id, member_role_id = None, expect_status_code = 201, **kwargs):
|
||||
def add_project_members(self, project_id, user_id = None, member_role_id = None, _ldap_group_dn=None,expect_status_code = 201, **kwargs):
|
||||
kwargs['api_type'] = 'products'
|
||||
projectMember = swagger_client.ProjectMember()
|
||||
if user_id is not None:
|
||||
projectMember.member_user = {"user_id": int(user_id)}
|
||||
if member_role_id is None:
|
||||
member_role_id = 1
|
||||
_member_user = {"user_id": int(user_id)}
|
||||
projectMember = swagger_client.ProjectMember(member_role_id, member_user = _member_user)
|
||||
projectMember.role_id = 1
|
||||
else:
|
||||
projectMember.role_id = member_role_id
|
||||
if _ldap_group_dn is not None:
|
||||
projectMember.member_group = swagger_client.UserGroup(ldap_group_dn=_ldap_group_dn)
|
||||
|
||||
client = self._get_client(**kwargs)
|
||||
data = []
|
||||
data, status_code, header = client.projects_project_id_members_post_with_http_info(project_id, project_member = projectMember)
|
||||
@ -257,3 +264,14 @@ class Project(base.Base):
|
||||
_, status_code, _ = client.projects_project_id_robots_robot_id_delete_with_http_info(project_id, robot_id)
|
||||
base._assert_status_code(expect_status_code, status_code)
|
||||
base._assert_status_code(200, status_code)
|
||||
|
||||
def query_user_logs(self, project_name, status_code=200, **kwargs):
|
||||
try:
|
||||
logs = self.get_project_log(project_name, expect_status_code=status_code, **kwargs)
|
||||
count = 0
|
||||
for log in list(logs):
|
||||
count = count + 1
|
||||
return count
|
||||
except ApiException as e:
|
||||
_assert_status_code(status_code, e.status)
|
||||
return 0
|
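Review bot: `add_project_members` now accepts a call with neither `user_id` nor `_ldap_group_dn`, and one with both: the first posts a `ProjectMember` with no principal, the second sets `member_user` and `member_group` together and leaves the outcome to the server. For a helper that grants roles I'd reject both cases up front, `if (user_id is None) == (_ldap_group_dn is None): raise ValueError("pass exactly one of user_id or _ldap_group_dn")`. The role also still defaults to `1` when `member_role_id` is omitted, which the test comments on this page call the project-admin role, so a forgotten argument grants project-admin; making `member_role_id` required would make that choice explicit. In `query_user_logs`, `return len(list(logs))` can replace the counting loop. The body of `add_project_members` continues past the hunk.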
@ -183,7 +183,7 @@ class System(base.Base):
|
||||
except Exception as e:
|
||||
base._assert_status_code(expected_status_code, e.status)
|
||||
else:
|
||||
base._assert_status_code(expected_status_code, r[1])
|
||||
base._assert_status_code(expected_status_code, r.status)
|
||||
|
||||
def get_cve_allowlist(self, **kwargs):
|
||||
client = self._get_client(**kwargs)
|
||||
|
@ -26,11 +26,11 @@ class User(base.Base):
|
||||
|
||||
return base._get_id_from_header(header), name
|
||||
|
||||
def get_users(self, username=None, email=None, page=None, page_size=None, **kwargs):
|
||||
def get_users(self, user_name=None, email=None, page=None, page_size=None, **kwargs):
|
||||
client = self._get_client(**kwargs)
|
||||
params={}
|
||||
if username is not None:
|
||||
params["username"] = username
|
||||
if user_name is not None:
|
||||
params["username"] = user_name
|
||||
if email is not None:
|
||||
params["email"] = email
|
||||
if page is not None:
|
||||
@ -41,12 +41,19 @@ class User(base.Base):
|
||||
base._assert_status_code(200, status_code)
|
||||
return data
|
||||
|
||||
def get_user(self, user_id, **kwargs):
|
||||
def get_user_by_id(self, user_id, **kwargs):
|
||||
client = self._get_client(**kwargs)
|
||||
data, status_code, _ = client.users_user_id_get_with_http_info(user_id)
|
||||
base._assert_status_code(200, status_code)
|
||||
return data
|
||||
|
||||
def get_user_by_name(self, name, **kwargs):
|
||||
users = self.get_users(user_name=name, **kwargs)
|
||||
for user in users:
|
||||
if user.username == name:
|
||||
return user
|
||||
return None
|
||||
|
||||
|
||||
def get_user_current(self, **kwargs):
|
||||
client = self._get_client(**kwargs)
|
||||
|
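Review bot: `get_user_by_name` returns `None` when no entry of `get_users(user_name=name)` has an exactly matching `username`, and since `get_users` takes `page`/`page_size`, a match outside the returned page is presumably reported as absent as well. The caller added in the LDAP admin role test dereferences the result directly (`_user.sysadmin_flag`), which turns a missing user into an AttributeError instead of a clear failure. Either raise in the helper, `raise Exception("User {} not found".format(name))`, or document the `None` return in a docstring and have callers assert on it. Renaming `get_user` to `get_user_by_id` and the `username` keyword to `user_name` also breaks any caller outside this diff that still uses the old names; those are not visible here.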
@ -47,7 +47,7 @@ class TestProjects(unittest.TestCase):
|
||||
self.assertEqual(len(project_001_data), 0, msg="user-001 should has no any private project, but we got {}".format(project_001_data))
|
||||
|
||||
#4. Add user-001 as a member of project-001
|
||||
result = self.project.add_project_members(project_001_id, user_001_id, **ADMIN_CLIENT)
|
||||
result = self.project.add_project_members(project_001_id, user_id=user_001_id, **ADMIN_CLIENT)
|
||||
self.assertNotEqual(result, False, msg="Failed to add member user_001 to project_001, result is {}".format(result))
|
||||
|
||||
|
||||
|
@ -69,7 +69,7 @@ class TestProjects(unittest.TestCase):
|
||||
TestProjects.project_add_g_lbl_id, TestProjects.project_add_g_lbl_name = self.project.create_project(metadata = {"public": "false"}, **ADMIN_CLIENT)
|
||||
|
||||
#3. Add user-001 as a member of project-001 with project-admin role
|
||||
self.project.add_project_members(TestProjects.project_add_g_lbl_id, TestProjects.user_add_g_lbl_id, **ADMIN_CLIENT)
|
||||
self.project.add_project_members(TestProjects.project_add_g_lbl_id, user_id=TestProjects.user_add_g_lbl_id, **ADMIN_CLIENT)
|
||||
|
||||
#4. Get private project of user(UA), user(UA) can see only one private project which is project(PA);
|
||||
self.project.projects_should_exist(dict(public=False), expected_count = 1,
|
||||
|
@ -1,167 +1,83 @@
|
||||
# coding: utf-8
|
||||
|
||||
"""
|
||||
Harbor API
|
||||
|
||||
These APIs provide services for manipulating Harbor project.
|
||||
|
||||
OpenAPI spec version: 1.4.0
|
||||
|
||||
Generated by: https://github.com/swagger-api/swagger-codegen.git
|
||||
"""
|
||||
|
||||
|
||||
from __future__ import absolute_import
|
||||
import os
|
||||
import sys
|
||||
sys.path.append(os.environ["SWAGGER_CLIENT_PATH"])
|
||||
|
||||
import unittest
|
||||
import testutils
|
||||
import docker
|
||||
|
||||
from testutils import ADMIN_CLIENT
|
||||
from swagger_client.models.project_member import ProjectMember
|
||||
from swagger_client.models.user_group import UserGroup
|
||||
from swagger_client.models.configurations import Configurations
|
||||
from library.project import Project
|
||||
from library.base import _assert_status_code
|
||||
from library.base import _random_name
|
||||
from v2_swagger_client.rest import ApiException
|
||||
from pprint import pprint
|
||||
|
||||
#Testcase
|
||||
#3-07-LDAP usergroup manage project group members
|
||||
class TestAssignRoleToLdapGroup(unittest.TestCase):
|
||||
harbor_host = os.environ["HARBOR_HOST"]
|
||||
"""AssignRoleToLdapGroup unit test stubs"""
|
||||
product_api = testutils.GetProductApi("admin", "Harbor12345")
|
||||
repository_api = testutils.GetRepositoryApi("admin", "Harbor12345")
|
||||
project_id = 0
|
||||
docker_client = docker.from_env()
|
||||
_project_name = _random_name("test-ldap-group")
|
||||
|
||||
def setUp(self):
|
||||
self.project = Project()
|
||||
|
||||
#login with admin, create a project and assign role to ldap group
|
||||
result = self.product_api.configurations_put(configurations=Configurations(ldap_filter="", ldap_group_attribute_name="cn", ldap_group_base_dn="ou=groups,dc=example,dc=com", ldap_group_search_filter="objectclass=groupOfNames", ldap_group_search_scope=2))
|
||||
pprint(result)
|
||||
cfgs = self.product_api.configurations_get()
|
||||
pprint(cfgs)
|
||||
result = self.project.create_project(self._project_name, dict(public="false"))
|
||||
pprint(result)
|
||||
|
||||
projs = self.project.get_projects(dict(name = self._project_name))
|
||||
if len(projs)>0 :
|
||||
project = projs[0]
|
||||
self.project_id = project.project_id
|
||||
|
||||
# asign role to project with dn
|
||||
group_dn = "cn=harbor_admin,ou=groups,dc=example,dc=com"
|
||||
projectmember = ProjectMember()
|
||||
projectmember.role_id = 1
|
||||
projectmember.member_group = UserGroup(ldap_group_dn=group_dn)
|
||||
|
||||
result = self.product_api.projects_project_id_members_post( project_id=self.project_id, project_member=projectmember )
|
||||
pprint(result)
|
||||
|
||||
group_dn = "cn=harbor_dev,ou=groups,dc=example,dc=com"
|
||||
projectmember = ProjectMember()
|
||||
projectmember.role_id = 2
|
||||
projectmember.member_group = UserGroup(ldap_group_dn=group_dn)
|
||||
|
||||
result = self.product_api.projects_project_id_members_post( project_id=self.project_id, project_member=projectmember )
|
||||
pprint(result)
|
||||
|
||||
group_dn = "cn=harbor_guest,ou=groups,dc=example,dc=com"
|
||||
projectmember = ProjectMember()
|
||||
projectmember.role_id = 3
|
||||
projectmember.member_group = UserGroup(ldap_group_dn=group_dn)
|
||||
|
||||
result = self.product_api.projects_project_id_members_post( project_id=self.project_id, project_member=projectmember )
|
||||
pprint(result)
|
||||
|
||||
def tearDown(self):
|
||||
if self.project_id > 0 :
|
||||
# delete images in project
|
||||
result = self.repository_api.delete_repository(self._project_name, "busybox")
|
||||
pprint(result)
|
||||
result = self.repository_api.delete_repository(self._project_name, "busyboxdev")
|
||||
pprint(result)
|
||||
self.project.delete_project(self.project_id)
|
||||
|
||||
def testAssignRoleToLdapGroup(self):
|
||||
"""Test AssignRoleToLdapGroup"""
|
||||
admin_product_api = Project("admin_user", "zhu88jie")
|
||||
projects = admin_product_api.get_projects(dict(name=self._project_name))
|
||||
self.assertTrue(len(projects) == 1)
|
||||
self.assertEqual(1, projects[0].current_user_role_id)
|
||||
|
||||
dev_product_api = Project("dev_user", "zhu88jie")
|
||||
projects = dev_product_api.get_projects(dict(name=self._project_name))
|
||||
self.assertTrue(len(projects) == 1)
|
||||
self.assertEqual(2, projects[0].current_user_role_id)
|
||||
|
||||
guest_product_api = Project("guest_user", "zhu88jie")
|
||||
projects = guest_product_api.get_projects(dict(name=self._project_name))
|
||||
self.assertTrue(len(projects) == 1)
|
||||
self.assertEqual(3, projects[0].current_user_role_id)
|
||||
|
||||
self.dockerCmdLoginAdmin(username="admin_user", password="zhu88jie")
|
||||
self.dockerCmdLoginDev(username="dev_user", password="zhu88jie")
|
||||
self.dockerCmdLoginGuest(username="guest_user", password="zhu88jie")
|
||||
|
||||
self.assertTrue(self.queryUserLogs(username="admin_user", password="zhu88jie")>0, "admin user can see logs")
|
||||
self.assertTrue(self.queryUserLogs(username="dev_user", password="zhu88jie")>0, "dev user can see logs")
|
||||
self.assertTrue(self.queryUserLogs(username="guest_user", password="zhu88jie")>0, "guest user can see logs")
|
||||
self.assertTrue(self.queryUserLogs(username="test", password="123456", status_code=403)==0, "test user can not see any logs")
|
||||
|
||||
# admin user can push, pull images
|
||||
def dockerCmdLoginAdmin(self, username, password):
|
||||
pprint(self.docker_client.info())
|
||||
self.docker_client.login(username=username, password=password, registry=self.harbor_host)
|
||||
self.docker_client.images.pull("busybox:latest")
|
||||
image = self.docker_client.images.get("busybox:latest")
|
||||
image.tag(repository=self.harbor_host+"/"+self._project_name+"/busybox", tag="latest")
|
||||
output = self.docker_client.images.push(repository=self.harbor_host+"/"+self._project_name+"/busybox", tag="latest")
|
||||
if output.find("error")>0 :
|
||||
self.fail("Should not fail to push image for admin_user")
|
||||
self.docker_client.images.pull(repository=self.harbor_host+"/"+self._project_name+"/busybox", tag="latest")
|
||||
|
||||
# dev user can push, pull images
|
||||
def dockerCmdLoginDev(self, username, password, harbor_server=harbor_host):
|
||||
self.docker_client.login(username=username, password=password, registry=self.harbor_host)
|
||||
self.docker_client.images.pull("busybox:latest")
|
||||
image = self.docker_client.images.get("busybox:latest")
|
||||
image.tag(repository=self.harbor_host+"/"+self._project_name+"/busyboxdev", tag="latest")
|
||||
output = self.docker_client.images.push(repository=self.harbor_host+"/"+self._project_name+"/busyboxdev", tag="latest")
|
||||
if output.find("error") >0 :
|
||||
self.fail("Should not fail to push images for dev_user")
|
||||
|
||||
# guest user can pull images
|
||||
def dockerCmdLoginGuest(self, username, password, harbor_server=harbor_host):
|
||||
self.docker_client.login(username=username, password=password, registry=self.harbor_host)
|
||||
self.docker_client.images.pull("busybox:latest")
|
||||
image = self.docker_client.images.get("busybox:latest")
|
||||
image.tag(repository=self.harbor_host+"/"+self._project_name+"/busyboxguest", tag="latest")
|
||||
output = self.docker_client.images.push(repository=self.harbor_host+"1/"+self._project_name+"/busyboxguest", tag="latest")
|
||||
if output.find("error")<0 :
|
||||
self.fail("Should failed to push image for guest user")
|
||||
self.docker_client.images.pull(repository=self.harbor_host+"/"+self._project_name+"/busybox", tag="latest")
|
||||
|
||||
# check can see his log in current project
|
||||
def queryUserLogs(self, username, password, status_code=200):
|
||||
client=dict(endpoint = ADMIN_CLIENT["endpoint"], username = username, password = password)
|
||||
try:
|
||||
logs = self.project.get_project_log(self._project_name, status_code, **client)
|
||||
count = 0
|
||||
for log in list(logs):
|
||||
count = count + 1
|
||||
return count
|
||||
except ApiException as e:
|
||||
_assert_status_code(status_code, e.status)
|
||||
return 0
|
||||
|
||||
if __name__ == '__main__':
|
||||
unittest.main()
|
||||
from __future__ import absolute_import
|
||||
import unittest
|
||||
|
||||
from testutils import harbor_server
|
||||
from testutils import TEARDOWN
|
||||
from testutils import ADMIN_CLIENT
|
||||
from testutils import created_user, created_project
|
||||
from library.project import Project
|
||||
from library.user import User
|
||||
from library.repository import Repository
|
||||
from library.repository import push_image_to_project
|
||||
from library.artifact import Artifact
|
||||
from library.scan import Scan
|
||||
from library.scanner import Scanner
|
||||
from library.configurations import Configurations
|
||||
from library.projectV2 import ProjectV2
|
||||
|
||||
|
||||
class TestAssignRoleToLdapGroup(unittest.TestCase):
|
||||
@classmethod
|
||||
def setUp(self):
|
||||
self.conf= Configurations()
|
||||
self.project = Project()
|
||||
self.artifact = Artifact()
|
||||
self.repo = Repository()
|
||||
self.scan = Scan()
|
||||
|
||||
@classmethod
|
||||
def tearDown(self):
|
||||
print("Case completed")
|
||||
|
||||
def TestAssignRoleToLdapGroup(self):
|
||||
"""
|
||||
Test case:
|
||||
Assign Role To Ldap Group
|
||||
Test step and expected result:
|
||||
1. Set LDAP Auth configurations;
|
||||
2. Create a new public project(PA) by Admin;
|
||||
3. Add 3 member groups to project(PA);
|
||||
4. Push image by each member role;
|
||||
5. Verfify that admin_user and dev_user can push image, guest_user can not push image;
|
||||
6. Verfify that admin_user, dev_user and guest_user can view logs, test user can not view logs.
|
||||
7. Delete repository(RA) by user(UA);
|
||||
8. Delete project(PA);
|
||||
"""
|
||||
url = ADMIN_CLIENT["endpoint"]
|
||||
USER_ADMIN=dict(endpoint = url, username = "admin_user", password = "zhu88jie", repo = "hello-world")
|
||||
USER_DEV=dict(endpoint = url, username = "dev_user", password = "zhu88jie", repo = "alpine")
|
||||
USER_GUEST=dict(endpoint = url, username = "guest_user", password = "zhu88jie", repo = "busybox")
|
||||
USER_TEST=dict(endpoint = url, username = "test", password = "123456")
|
||||
|
||||
self.conf.set_configurations_of_ldap(ldap_filter="", ldap_group_attribute_name="cn", ldap_group_base_dn="ou=groups,dc=example,dc=com",
|
||||
ldap_group_search_filter="objectclass=groupOfNames", ldap_group_search_scope=2, **ADMIN_CLIENT)
|
||||
|
||||
with created_project(metadata={"public": "false"}) as (project_id, project_name):
|
||||
self.project.add_project_members(project_id, member_role_id = 1, _ldap_group_dn = "cn=harbor_admin,ou=groups,dc=example,dc=com", **ADMIN_CLIENT)
|
||||
self.project.add_project_members(project_id, member_role_id = 2, _ldap_group_dn = "cn=harbor_dev,ou=groups,dc=example,dc=com", **ADMIN_CLIENT)
|
||||
self.project.add_project_members(project_id, member_role_id = 3, _ldap_group_dn = "cn=harbor_guest,ou=groups,dc=example,dc=com", **ADMIN_CLIENT)
|
||||
projects = self.project.get_projects(dict(name=project_name), **USER_ADMIN)
|
||||
self.assertTrue(len(projects) == 1)
|
||||
self.assertEqual(1, projects[0].current_user_role_id)
|
||||
|
||||
repo_name_admin, _ = push_image_to_project(project_name, harbor_server, USER_ADMIN["username"], USER_ADMIN["password"], USER_ADMIN["repo"], "latest")
|
||||
artifacts = self.artifact.list_artifacts(project_name, USER_ADMIN["repo"], **USER_ADMIN)
|
||||
self.assertTrue(len(artifacts) == 1)
|
||||
repo_name_dev, _ = push_image_to_project(project_name, harbor_server, USER_DEV["username"], USER_DEV["password"], USER_DEV["repo"], "latest")
|
||||
artifacts = self.artifact.list_artifacts(project_name, USER_DEV["repo"], **USER_DEV)
|
||||
self.assertTrue(len(artifacts) == 1)
|
||||
push_image_to_project(project_name, harbor_server, USER_GUEST["username"], USER_GUEST["password"], USER_GUEST["repo"], "latest")
|
||||
artifacts = self.artifact.list_artifacts(project_name, USER_GUEST["repo"], **USER_GUEST)
|
||||
self.assertTrue(len(artifacts) == 0)
|
||||
|
||||
|
||||
self.assertTrue(self.project.query_user_logs(project_name, **USER_ADMIN)>0, "admin user can see logs")
|
||||
self.assertTrue(self.project.query_user_logs(project_name, **USER_DEV)>0, "dev user can see logs")
|
||||
self.assertTrue(self.project.query_user_logs(project_name, **USER_GUEST)>0, "guest user can see logs")
|
||||
self.assertTrue(self.project.query_user_logs(project_name, status_code=403, **USER_TEST)==0, "test user can not see any logs")
|
||||
|
||||
self.repo.delete_repoitory(project_name, repo_name_admin.split('/')[1], **USER_ADMIN)
|
||||
self.repo.delete_repoitory(project_name, repo_name_dev.split('/')[1], **USER_ADMIN)
|
||||
|
||||
if __name__ == '__main__':
|
||||
unittest.main()
|
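Review bot: The rewritten test method is named `TestAssignRoleToLdapGroup`, and unittest only collects methods whose names start with lowercase `test`, so `unittest.main()` at the bottom of the file would find no test and still exit successfully; the old method was `testAssignRoleToLdapGroup`. That matters here because these are the assertions that a guest cannot push and that an unrelated user gets 403 on project logs, so a regression in LDAP group role mapping would go unnoticed (if the robot suite invokes the method some other way, this does not apply). Rename it to `def testAssignRoleToLdapGroup(self):`. `setUp` and `tearDown` are also wrapped in `@classmethod`, which makes `self` the class; drop the decorator or use `setUpClass`/`tearDownClass`. The two `delete_repoitory` calls at the end are skipped when any assertion above them fails, so a `try`/`finally` around the body would keep cleanup reliable.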
@ -1,73 +1,49 @@
|
||||
# coding: utf-8
|
||||
|
||||
"""
|
||||
Harbor API
|
||||
|
||||
These APIs provide services for manipulating Harbor project.
|
||||
|
||||
OpenAPI spec version: 1.4.0
|
||||
|
||||
Generated by: https://github.com/swagger-api/swagger-codegen.git
|
||||
"""
|
||||
|
||||
|
||||
from __future__ import absolute_import
|
||||
|
||||
import os
|
||||
import sys
|
||||
sys.path.append(os.environ["SWAGGER_CLIENT_PATH"])
|
||||
|
||||
import unittest
|
||||
import testutils
|
||||
import swagger_client
|
||||
|
||||
from testutils import harbor_server
|
||||
from testutils import TEARDOWN
|
||||
from library.base import _random_name
|
||||
from testutils import ADMIN_CLIENT
|
||||
from library.user import User
|
||||
from library.project import Project
|
||||
from swagger_client.models.configurations import Configurations
|
||||
from pprint import pprint
|
||||
from library.configurations import Configurations
|
||||
|
||||
|
||||
#Testcase
|
||||
# Define a LDAP group with harbor admin
|
||||
class TestLdapAdminRole(unittest.TestCase):
|
||||
"""AccessLog unit test stubs"""
|
||||
product_api = testutils.GetProductApi("admin", "Harbor12345")
|
||||
project_id = 0
|
||||
|
||||
@classmethod
|
||||
def setUp(self):
|
||||
self.project= Project()
|
||||
self.mike_product_api = Project("mike", "zhu88jie")
|
||||
url = ADMIN_CLIENT["endpoint"]
|
||||
self.conf= Configurations()
|
||||
self.uesr = User()
|
||||
self.project = Project()
|
||||
self.USER_MIKE=dict(endpoint = url, username = "mike", password = "zhu88jie")
|
||||
|
||||
@classmethod
|
||||
def tearDown(self):
|
||||
self.project.delete_project(TestLdapAdminRole.project_id, **self.USER_MIKE)
|
||||
print("Case completed")
|
||||
|
||||
@unittest.skipIf(TEARDOWN == False, "Test data won't be erased.")
|
||||
def test_ClearData(self):
|
||||
if self.project_id > 0 :
|
||||
self.mike_product_api.delete_project(self.project_id)
|
||||
|
||||
def testLdapAdminRole(self):
|
||||
"""Test LdapAdminRole"""
|
||||
_project_name = _random_name("test-ldap-admin-role")
|
||||
result = self.product_api.configurations_put(configurations=Configurations(ldap_group_admin_dn="cn=harbor_users,ou=groups,dc=example,dc=com"))
|
||||
"""
|
||||
Test case:
|
||||
LDAP Admin Role
|
||||
Test step and expected result:
|
||||
1. Set LDAP Auth configurations;
|
||||
2. Create a new public project(PA) by LDAP user mike;
|
||||
3. Check project is created successfully;
|
||||
4. Check mike is not admin;
|
||||
5. Delete project(PA);
|
||||
"""
|
||||
|
||||
# Create a private project
|
||||
result = self.project.create_project(_project_name)
|
||||
|
||||
# query project with ldap user mike
|
||||
projects = self.mike_product_api.get_projects(dict(name=_project_name))
|
||||
self.conf.set_configurations_of_ldap(ldap_group_admin_dn="cn=harbor_users,ou=groups,dc=example,dc=com", **ADMIN_CLIENT)
|
||||
|
||||
print("=================", projects)
|
||||
self.assertTrue(len(projects) == 1)
|
||||
self.project_id = projects[0].project_id
|
||||
TestLdapAdminRole.project_id, project_name = self.project.create_project(metadata = {"public": "false"}, **self.USER_MIKE)
|
||||
self.project.check_project_name_exist(name=project_name, **self.USER_MIKE)
|
||||
|
||||
# check the mike is not admin in Database
|
||||
user_list = self.product_api.users_get(username="mike")
|
||||
pprint(user_list[0])
|
||||
self.assertFalse(user_list[0].sysadmin_flag)
|
||||
|
||||
pass
|
||||
_user = self.uesr.get_user_by_name(self.USER_MIKE["username"], **ADMIN_CLIENT)
|
||||
self.assertFalse(_user.sysadmin_flag)
|
||||
|
||||
|
||||
if __name__ == '__main__':
|
||||
unittest.main()
|
||||
unittest.main()
|
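Review bot: The final privilege check can pass without proving anything: `assertFalse(_user.sysadmin_flag)` also accepts `None`, so a model that leaves `sysadmin_flag` unset passes, and `get_user_by_name` returns `None` when nothing matches, which surfaces as an AttributeError rather than a failed assertion. I'd write `self.assertIsNotNone(_user)` followed by `self.assertIs(_user.sysadmin_flag, False)`. `tearDown` calls `delete_project(TestLdapAdminRole.project_id, ...)` unconditionally, so when the test fails before the project is created it tries to delete id `0`; guard it with `if TestLdapAdminRole.project_id > 0:`, like the `if self.project_id > 0` check in `test_ClearData` on this page. The attribute `self.uesr` looks like a typo for `self.user`.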
@ -80,7 +80,7 @@ class TestProjects(unittest.TestCase):
|
||||
self.project.check_project_member_not_exist(TestProjects.project_alice_id, user_bob_name, **USER_ALICE_CLIENT)
|
||||
|
||||
#4.1 Alice Add Bob as a guest member of project(PA)
|
||||
member_id_bob = self.project.add_project_members(TestProjects.project_alice_id, TestProjects.user_bob_id, member_role_id = 3, **USER_ALICE_CLIENT)
|
||||
member_id_bob = self.project.add_project_members(TestProjects.project_alice_id, user_id=TestProjects.user_bob_id, member_role_id = 3, **USER_ALICE_CLIENT)
|
||||
|
||||
#4.2 Check Bob is a guest member of project(PA)
|
||||
self.project.check_project_members_exist(TestProjects.project_alice_id, user_bob_name, expected_member_role_id = 3, user_name = user_bob_name, user_password = user_bob_password, **USER_ALICE_CLIENT)
|
||||
|
@ -46,7 +46,7 @@ class TestProjectCVEAllowlist(unittest.TestCase):
|
||||
self.user_ra_id = int(user_ra_id)
|
||||
p_id, _ = self.project.create_project(metadata = {"public": "false"}, **ADMIN_CLIENT)
|
||||
self.project_pa_id = int(p_id)
|
||||
m_id = self.project.add_project_members(self.project_pa_id, self.user_ra_id, member_role_id=3, **ADMIN_CLIENT)
|
||||
m_id = self.project.add_project_members(self.project_pa_id, user_id=self.user_ra_id, member_role_id=3, **ADMIN_CLIENT)
|
||||
self.member_id = int(m_id)
|
||||
|
||||
def tearDown(self):
|
||||
|
@ -63,7 +63,7 @@ class TestProjects(unittest.TestCase):
|
||||
TestProjects.project_sign_image_id, TestProjects.project_sign_image_name = self.project.create_project(metadata = {"public": "false"}, **ADMIN_CLIENT)
|
||||
|
||||
#3. Add user(UA) as a member of project(PA) with project-admin role;
|
||||
self.project.add_project_members(TestProjects.project_sign_image_id, TestProjects.user_sign_image_id, **ADMIN_CLIENT)
|
||||
self.project.add_project_members(TestProjects.project_sign_image_id, user_id=TestProjects.user_sign_image_id, **ADMIN_CLIENT)
|
||||
|
||||
#4. Get private project of user(UA), user(UA) can see only one private project which is project(PA);
|
||||
self.project.projects_should_exist(dict(public=False), expected_count = 1,
|
||||
|
@ -66,7 +66,7 @@ class TestProjects(unittest.TestCase):
|
||||
TestProjects.project_scan_image_id, TestProjects.project_scan_image_name = self.project.create_project(metadata = {"public": "false"}, **ADMIN_CLIENT)
|
||||
|
||||
#3. Add user(UA) as a member of project(PA) with project-admin role;
|
||||
self.project.add_project_members(TestProjects.project_scan_image_id, TestProjects.user_scan_image_id, **ADMIN_CLIENT)
|
||||
self.project.add_project_members(TestProjects.project_scan_image_id, user_id=TestProjects.user_scan_image_id, **ADMIN_CLIENT)
|
||||
|
||||
#4. Get private project of user(UA), user(UA) can see only one private project which is project(PA);
|
||||
self.project.projects_should_exist(dict(public=False), expected_count = 1,
|
||||
|
@ -64,7 +64,7 @@ class TestProjects(unittest.TestCase):
|
||||
TestProjects.project_sign_image_id, TestProjects.project_sign_image_name = self.project.create_project(metadata = {"public": "false"}, **ADMIN_CLIENT)
|
||||
|
||||
#3. Add user(UA) as a member of project(PA) with project-admin role;
|
||||
self.project.add_project_members(TestProjects.project_sign_image_id, TestProjects.user_sign_image_id, **ADMIN_CLIENT)
|
||||
self.project.add_project_members(TestProjects.project_sign_image_id, user_id=TestProjects.user_sign_image_id, **ADMIN_CLIENT)
|
||||
|
||||
#4. Get private project of user(UA), user(UA) can see only one private project which is project(PA);
|
||||
self.project.projects_should_exist(dict(public=False), expected_count = 1,
|
||||
|
@ -3,10 +3,10 @@
|
||||
"""
|
||||
Harbor API
|
||||
|
||||
These APIs provide services for manipulating Harbor project.
|
||||
These APIs provide services for manipulating Harbor project.
|
||||
|
||||
OpenAPI spec version: 1.4.0
|
||||
|
||||
|
||||
Generated by: https://github.com/swagger-api/swagger-codegen.git
|
||||
"""
|
||||
|
||||
@ -22,8 +22,8 @@ import testutils
|
||||
|
||||
import swagger_client
|
||||
from swagger_client.rest import ApiException
|
||||
from swagger_client.models.user_group import UserGroup
|
||||
from swagger_client.models.configurations import Configurations
|
||||
from swagger_client.models.user_group import UserGroup
|
||||
from swagger_client.models.configurations import Configurations
|
||||
from pprint import pprint
|
||||
|
||||
#Testcase
|
||||
@ -37,7 +37,7 @@ class TestUserGroup(unittest.TestCase):
|
||||
groupId = 0
|
||||
def setUp(self):
|
||||
result = self.product_api.configurations_put(configurations=Configurations(ldap_group_attribute_name="cn", ldap_group_base_dn="ou=groups,dc=example,dc=com", ldap_group_search_filter="objectclass=groupOfNames", ldap_group_search_scope=2))
|
||||
pprint(result)
|
||||
pprint(result)
|
||||
pass
|
||||
|
||||
def tearDown(self):
|
||||
@ -50,10 +50,10 @@ class TestUserGroup(unittest.TestCase):
|
||||
user_group = UserGroup(group_name="harbor_group123", group_type=1, ldap_group_dn="cn=harbor_group,ou=groups,dc=example,dc=com")
|
||||
result = self.product_api.usergroups_post(usergroup=user_group)
|
||||
pprint(result)
|
||||
|
||||
|
||||
user_groups = self.product_api.usergroups_get()
|
||||
found = False
|
||||
|
||||
|
||||
for ug in user_groups :
|
||||
if ug.group_name == "harbor_group123" :
|
||||
found = True
|
||||
|
@ -86,7 +86,7 @@ def created_project(name=None, metadata=None, user_id=None, member_role_id=None)
|
||||
|
||||
project_id, project_name = api.create_project(name=None, metadata=None, **ADMIN_CLIENT)
|
||||
if user_id:
|
||||
api.add_project_members(project_id, user_id, member_role_id=member_role_id, **ADMIN_CLIENT)
|
||||
api.add_project_members(project_id, user_id=user_id, member_role_id=member_role_id, **ADMIN_CLIENT)
|
||||
|
||||
try:
|
||||
yield (project_id, project_name)
|
||||
|
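Review bot: `created_project` passes literals to the API, `api.create_project(name=None, metadata=None, **ADMIN_CLIENT)`, so the `name` and `metadata` arguments of the context manager are ignored. The rewritten LDAP group test on this page calls `created_project(metadata={"public": "false"})` and then checks who can push and read logs, but the project is created with whatever defaults `create_project` applies rather than the requested private setting (those defaults are not visible here). Forward the arguments: `project_id, project_name = api.create_project(name=name, metadata=metadata, **ADMIN_CLIENT)`. The function continues below this hunk.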
@ -24,7 +24,7 @@ fi
|
||||
sudo curl -o $DIR/../../tests/apitests/python/mariadb-4.3.1.tgz https://storage.googleapis.com/harbor-builds/bin/charts/mariadb-4.3.1.tgz
|
||||
|
||||
sudo apt-get update && sudo apt-get install -y --no-install-recommends python-dev openjdk-7-jdk libssl-dev && sudo apt-get autoremove -y && sudo rm -rf /var/lib/apt/lists/*
|
||||
sudo wget https://bootstrap.pypa.io/get-pip.py && sudo python ./get-pip.py && sudo pip install --ignore-installed urllib3 chardet requests && sudo pip install robotframework==3.0.4 robotframework-httplibrary requests dbbot robotframework-pabot --upgrade
|
||||
sudo wget https://bootstrap.pypa.io/get-pip.py && sudo python ./get-pip.py && sudo pip install --ignore-installed urllib3 chardet requests && sudo pip install robotframework==3.2.1 robotframework-httplibrary requests --upgrade
|
||||
sudo make swagger_client
|
||||
if [ $GITHUB_TOKEN ];
|
||||
then
|
||||
|
@ -30,7 +30,7 @@ set +e
|
||||
docker ps
|
||||
# run db auth api cases
|
||||
if [ "$1" = 'DB' ]; then
|
||||
pybot -X -v ip:$2 -v HARBOR_PASSWORD:Harbor12345 $DIR/../../tests/robot-cases/Group0-BAT/API_DB.robot
|
||||
robot -X -v ip:$2 -v HARBOR_PASSWORD:Harbor12345 $DIR/../../tests/robot-cases/Group0-BAT/API_DB.robot
|
||||
elif [ "$1" = 'LDAP' ]; then
|
||||
# run ldap api cases
|
||||
python $DIR/../../tests/configharbor.py -H $IP -u $HARBOR_ADMIN -p $HARBOR_ADMIN_PASSWD -c auth_mode=ldap_auth \
|
||||
@ -39,7 +39,7 @@ elif [ "$1" = 'LDAP' ]; then
|
||||
ldap_search_password=admin \
|
||||
ldap_base_dn=dc=example,dc=com \
|
||||
ldap_uid=cn
|
||||
pybot -X -v ip:$2 -v HARBOR_PASSWORD:Harbor12345 $DIR/../../tests/robot-cases/Group0-BAT/API_LDAP.robot
|
||||
robot -X -v ip:$2 -v HARBOR_PASSWORD:Harbor12345 $DIR/../../tests/robot-cases/Group0-BAT/API_LDAP.robot
|
||||
else
|
||||
rc=999
|
||||
fi
|
||||
|