diff --git a/.github/workflows/CI.yml b/.github/workflows/CI.yml index 5270404ac..a5af8a851 100644 --- a/.github/workflows/CI.yml +++ b/.github/workflows/CI.yml @@ -233,6 +233,14 @@ jobs: IP=`hostname -I | awk '{print $1}'` echo '{"insecure-registries" : ["'$IP':5000"]}' | sudo tee /etc/docker/daemon.json echo "::set-env name=IP::$IP" + python -V + sudo apt-get update -y && sudo apt-get install -y zbar-tools libzbar-dev python-zbar + sudo apt-get update -y + sudo apt-get install -y python3.6 + sudo rm /usr/bin/python + sudo ln -s /usr/bin/python3.6 /usr/bin/python + sudo apt-get install -y python3-pip + python -V - name: install run: | cd src/github.com/goharbor/harbor diff --git a/Makefile b/Makefile index 43a077e72..669770443 100644 --- a/Makefile +++ b/Makefile @@ -551,14 +551,14 @@ down: swagger_client: @echo "Generate swagger client" - wget https://repo1.maven.org/maven2/io/swagger/swagger-codegen-cli/2.3.1/swagger-codegen-cli-2.3.1.jar -O swagger-codegen-cli.jar + wget https://repo1.maven.org/maven2/org/openapitools/openapi-generator-cli/4.3.1/openapi-generator-cli-4.3.1.jar -O openapi-generator-cli.jar rm -rf harborclient mkdir -p harborclient/harbor_client mkdir -p harborclient/harbor_swagger_client mkdir -p harborclient/harbor_v2_swagger_client - java -jar swagger-codegen-cli.jar generate -i api/swagger.yaml -l python -o harborclient/harbor_client -DpackageName=client - java -jar swagger-codegen-cli.jar generate -i api/v2.0/legacy_swagger.yaml -l python -o harborclient/harbor_swagger_client -DpackageName=swagger_client - java -jar swagger-codegen-cli.jar generate -i api/v2.0/swagger.yaml -l python -o harborclient/harbor_v2_swagger_client -DpackageName=v2_swagger_client + java -jar openapi-generator-cli.jar generate -i api/swagger.yaml -g python -o harborclient/harbor_client --package-name client + java -jar openapi-generator-cli.jar generate -i api/v2.0/legacy_swagger.yaml -g python -o harborclient/harbor_swagger_client --package-name swagger_client + java -jar openapi-generator-cli.jar generate -i api/v2.0/swagger.yaml -g python -o harborclient/harbor_v2_swagger_client --package-name v2_swagger_client cd harborclient/harbor_client; python ./setup.py install cd harborclient/harbor_swagger_client; python ./setup.py install cd harborclient/harbor_v2_swagger_client; python ./setup.py install diff --git a/tests/apitests/python/library/artifact.py b/tests/apitests/python/library/artifact.py index 97907d518..db6730dfe 100644 --- a/tests/apitests/python/library/artifact.py +++ b/tests/apitests/python/library/artifact.py @@ -91,7 +91,7 @@ class Artifact(base.Base, object): if (timeout_count == 0): break artifact = self.get_reference_info(project_name, repo_name, reference, **kwargs) - scan_status = artifact[0].scan_overview['application/vnd.scanner.adapter.vuln.report.harbor+json; version=1.0']["scan_status"] + scan_status = artifact[0].scan_overview['application/vnd.scanner.adapter.vuln.report.harbor+json; version=1.0'].scan_status if scan_status == expected_scan_status: return raise Exception("Scan image result is {}, not as expected {}.".format(scan_status, expected_scan_status)) diff --git a/tests/apitests/python/library/configurations.py b/tests/apitests/python/library/configurations.py index 44c321d80..196d0940a 100644 --- a/tests/apitests/python/library/configurations.py +++ b/tests/apitests/python/library/configurations.py @@ -11,6 +11,16 @@ def set_configurations(client, expect_status_code = 200, expect_response_body = conf.project_creation_restriction = config.get("project_creation_restriction") if "token_expiration" in config: conf.token_expiration = config.get("token_expiration") + if "ldap_filter" in config: + conf.ldap_filter = config.get("ldap_filter") + if "ldap_group_attribute_name" in config: + conf.ldap_group_attribute_name = config.get("ldap_group_attribute_name") + if "ldap_group_base_dn" in config: + conf.ldap_group_base_dn = config.get("ldap_group_base_dn") + if "ldap_group_search_filter" in config: + conf.ldap_group_search_filter = config.get("ldap_group_search_filter") + if "ldap_group_search_scope" in config: + conf.ldap_group_search_scope = config.get("ldap_group_search_scope") try: _, status_code, _ = client.configurations_put_with_http_info(conf) @@ -56,3 +66,11 @@ class Configurations(base.Base): config=dict(token_expiration=token_expiration) set_configurations(client, expect_status_code = expect_status_code, **config) + + def set_configurations_of_ldap(self, ldap_filter=None, ldap_group_attribute_name=None, + ldap_group_base_dn=None, ldap_group_search_filter=None, ldap_group_search_scope=None, expect_status_code = 200, **kwargs): + client = self._get_client(**kwargs) + config=dict(ldap_filter=ldap_filter, ldap_group_attribute_name=ldap_group_attribute_name, + ldap_group_base_dn=ldap_group_base_dn, ldap_group_search_filter=ldap_group_search_filter, ldap_group_search_scope=ldap_group_search_scope) + set_configurations(client, expect_status_code = expect_status_code, **config) + diff --git a/tests/apitests/python/library/project.py b/tests/apitests/python/library/project.py index d51b6a11a..af2aeefc6 100644 --- a/tests/apitests/python/library/project.py +++ b/tests/apitests/python/library/project.py @@ -4,6 +4,7 @@ import base import swagger_client import v2_swagger_client from v2_swagger_client.rest import ApiException +from library.base import _assert_status_code def is_member_exist_in_project(members, member_user_name, expected_member_role_id = None): result = False @@ -188,12 +189,18 @@ class Project(base.Base): base._assert_status_code(expect_status_code, status_code) base._assert_status_code(200, status_code) - def add_project_members(self, project_id, user_id, member_role_id = None, expect_status_code = 201, **kwargs): + def add_project_members(self, project_id, user_id = None, member_role_id = None, _ldap_group_dn=None,expect_status_code = 201, **kwargs): kwargs['api_type'] = 'products' + projectMember = swagger_client.ProjectMember() + if user_id is not None: + projectMember.member_user = {"user_id": int(user_id)} if member_role_id is None: - member_role_id = 1 - _member_user = {"user_id": int(user_id)} - projectMember = swagger_client.ProjectMember(member_role_id, member_user = _member_user) + projectMember.role_id = 1 + else: + projectMember.role_id = member_role_id + if _ldap_group_dn is not None: + projectMember.member_group = swagger_client.UserGroup(ldap_group_dn=_ldap_group_dn) + client = self._get_client(**kwargs) data = [] data, status_code, header = client.projects_project_id_members_post_with_http_info(project_id, project_member = projectMember) @@ -257,3 +264,14 @@ class Project(base.Base): _, status_code, _ = client.projects_project_id_robots_robot_id_delete_with_http_info(project_id, robot_id) base._assert_status_code(expect_status_code, status_code) base._assert_status_code(200, status_code) + + def query_user_logs(self, project_name, status_code=200, **kwargs): + try: + logs = self.get_project_log(project_name, expect_status_code=status_code, **kwargs) + count = 0 + for log in list(logs): + count = count + 1 + return count + except ApiException as e: + _assert_status_code(status_code, e.status) + return 0 \ No newline at end of file diff --git a/tests/apitests/python/library/system.py b/tests/apitests/python/library/system.py index 3e2fb1591..02257a595 100644 --- a/tests/apitests/python/library/system.py +++ b/tests/apitests/python/library/system.py @@ -183,7 +183,7 @@ class System(base.Base): except Exception as e: base._assert_status_code(expected_status_code, e.status) else: - base._assert_status_code(expected_status_code, r[1]) + base._assert_status_code(expected_status_code, r.status) def get_cve_allowlist(self, **kwargs): client = self._get_client(**kwargs) diff --git a/tests/apitests/python/library/user.py b/tests/apitests/python/library/user.py index 4983c87ac..3be67cbf0 100644 --- a/tests/apitests/python/library/user.py +++ b/tests/apitests/python/library/user.py @@ -26,11 +26,11 @@ class User(base.Base): return base._get_id_from_header(header), name - def get_users(self, username=None, email=None, page=None, page_size=None, **kwargs): + def get_users(self, user_name=None, email=None, page=None, page_size=None, **kwargs): client = self._get_client(**kwargs) params={} - if username is not None: - params["username"] = username + if user_name is not None: + params["username"] = user_name if email is not None: params["email"] = email if page is not None: @@ -41,12 +41,19 @@ class User(base.Base): base._assert_status_code(200, status_code) return data - def get_user(self, user_id, **kwargs): + def get_user_by_id(self, user_id, **kwargs): client = self._get_client(**kwargs) data, status_code, _ = client.users_user_id_get_with_http_info(user_id) base._assert_status_code(200, status_code) return data + def get_user_by_name(self, name, **kwargs): + users = self.get_users(user_name=name, **kwargs) + for user in users: + if user.username == name: + return user + return None + def get_user_current(self, **kwargs): client = self._get_client(**kwargs) diff --git a/tests/apitests/python/test_add_member_to_private_project.py b/tests/apitests/python/test_add_member_to_private_project.py index 59e79c78d..ec1eefbf6 100644 --- a/tests/apitests/python/test_add_member_to_private_project.py +++ b/tests/apitests/python/test_add_member_to_private_project.py @@ -47,7 +47,7 @@ class TestProjects(unittest.TestCase): self.assertEqual(len(project_001_data), 0, msg="user-001 should has no any private project, but we got {}".format(project_001_data)) #4. Add user-001 as a member of project-001 - result = self.project.add_project_members(project_001_id, user_001_id, **ADMIN_CLIENT) + result = self.project.add_project_members(project_001_id, user_id=user_001_id, **ADMIN_CLIENT) self.assertNotEqual(result, False, msg="Failed to add member user_001 to project_001, result is {}".format(result)) diff --git a/tests/apitests/python/test_add_sys_label_to_tag.py b/tests/apitests/python/test_add_sys_label_to_tag.py index bc7e3e36b..08d07a9f5 100644 --- a/tests/apitests/python/test_add_sys_label_to_tag.py +++ b/tests/apitests/python/test_add_sys_label_to_tag.py @@ -69,7 +69,7 @@ class TestProjects(unittest.TestCase): TestProjects.project_add_g_lbl_id, TestProjects.project_add_g_lbl_name = self.project.create_project(metadata = {"public": "false"}, **ADMIN_CLIENT) #3. Add user-001 as a member of project-001 with project-admin role - self.project.add_project_members(TestProjects.project_add_g_lbl_id, TestProjects.user_add_g_lbl_id, **ADMIN_CLIENT) + self.project.add_project_members(TestProjects.project_add_g_lbl_id, user_id=TestProjects.user_add_g_lbl_id, **ADMIN_CLIENT) #4. Get private project of user(UA), user(UA) can see only one private project which is project(PA); self.project.projects_should_exist(dict(public=False), expected_count = 1, diff --git a/tests/apitests/python/test_assign_role_to_ldap_group.py b/tests/apitests/python/test_assign_role_to_ldap_group.py index 7dcdff979..c3ea8af5f 100644 --- a/tests/apitests/python/test_assign_role_to_ldap_group.py +++ b/tests/apitests/python/test_assign_role_to_ldap_group.py @@ -1,167 +1,83 @@ -# coding: utf-8 - -""" - Harbor API - - These APIs provide services for manipulating Harbor project. - - OpenAPI spec version: 1.4.0 - - Generated by: https://github.com/swagger-api/swagger-codegen.git -""" - - -from __future__ import absolute_import -import os -import sys -sys.path.append(os.environ["SWAGGER_CLIENT_PATH"]) - -import unittest -import testutils -import docker - -from testutils import ADMIN_CLIENT -from swagger_client.models.project_member import ProjectMember -from swagger_client.models.user_group import UserGroup -from swagger_client.models.configurations import Configurations -from library.project import Project -from library.base import _assert_status_code -from library.base import _random_name -from v2_swagger_client.rest import ApiException -from pprint import pprint - -#Testcase -#3-07-LDAP usergroup manage project group members -class TestAssignRoleToLdapGroup(unittest.TestCase): - harbor_host = os.environ["HARBOR_HOST"] - """AssignRoleToLdapGroup unit test stubs""" - product_api = testutils.GetProductApi("admin", "Harbor12345") - repository_api = testutils.GetRepositoryApi("admin", "Harbor12345") - project_id = 0 - docker_client = docker.from_env() - _project_name = _random_name("test-ldap-group") - - def setUp(self): - self.project = Project() - - #login with admin, create a project and assign role to ldap group - result = self.product_api.configurations_put(configurations=Configurations(ldap_filter="", ldap_group_attribute_name="cn", ldap_group_base_dn="ou=groups,dc=example,dc=com", ldap_group_search_filter="objectclass=groupOfNames", ldap_group_search_scope=2)) - pprint(result) - cfgs = self.product_api.configurations_get() - pprint(cfgs) - result = self.project.create_project(self._project_name, dict(public="false")) - pprint(result) - - projs = self.project.get_projects(dict(name = self._project_name)) - if len(projs)>0 : - project = projs[0] - self.project_id = project.project_id - - # asign role to project with dn - group_dn = "cn=harbor_admin,ou=groups,dc=example,dc=com" - projectmember = ProjectMember() - projectmember.role_id = 1 - projectmember.member_group = UserGroup(ldap_group_dn=group_dn) - - result = self.product_api.projects_project_id_members_post( project_id=self.project_id, project_member=projectmember ) - pprint(result) - - group_dn = "cn=harbor_dev,ou=groups,dc=example,dc=com" - projectmember = ProjectMember() - projectmember.role_id = 2 - projectmember.member_group = UserGroup(ldap_group_dn=group_dn) - - result = self.product_api.projects_project_id_members_post( project_id=self.project_id, project_member=projectmember ) - pprint(result) - - group_dn = "cn=harbor_guest,ou=groups,dc=example,dc=com" - projectmember = ProjectMember() - projectmember.role_id = 3 - projectmember.member_group = UserGroup(ldap_group_dn=group_dn) - - result = self.product_api.projects_project_id_members_post( project_id=self.project_id, project_member=projectmember ) - pprint(result) - - def tearDown(self): - if self.project_id > 0 : - # delete images in project - result = self.repository_api.delete_repository(self._project_name, "busybox") - pprint(result) - result = self.repository_api.delete_repository(self._project_name, "busyboxdev") - pprint(result) - self.project.delete_project(self.project_id) - - def testAssignRoleToLdapGroup(self): - """Test AssignRoleToLdapGroup""" - admin_product_api = Project("admin_user", "zhu88jie") - projects = admin_product_api.get_projects(dict(name=self._project_name)) - self.assertTrue(len(projects) == 1) - self.assertEqual(1, projects[0].current_user_role_id) - - dev_product_api = Project("dev_user", "zhu88jie") - projects = dev_product_api.get_projects(dict(name=self._project_name)) - self.assertTrue(len(projects) == 1) - self.assertEqual(2, projects[0].current_user_role_id) - - guest_product_api = Project("guest_user", "zhu88jie") - projects = guest_product_api.get_projects(dict(name=self._project_name)) - self.assertTrue(len(projects) == 1) - self.assertEqual(3, projects[0].current_user_role_id) - - self.dockerCmdLoginAdmin(username="admin_user", password="zhu88jie") - self.dockerCmdLoginDev(username="dev_user", password="zhu88jie") - self.dockerCmdLoginGuest(username="guest_user", password="zhu88jie") - - self.assertTrue(self.queryUserLogs(username="admin_user", password="zhu88jie")>0, "admin user can see logs") - self.assertTrue(self.queryUserLogs(username="dev_user", password="zhu88jie")>0, "dev user can see logs") - self.assertTrue(self.queryUserLogs(username="guest_user", password="zhu88jie")>0, "guest user can see logs") - self.assertTrue(self.queryUserLogs(username="test", password="123456", status_code=403)==0, "test user can not see any logs") - - # admin user can push, pull images - def dockerCmdLoginAdmin(self, username, password): - pprint(self.docker_client.info()) - self.docker_client.login(username=username, password=password, registry=self.harbor_host) - self.docker_client.images.pull("busybox:latest") - image = self.docker_client.images.get("busybox:latest") - image.tag(repository=self.harbor_host+"/"+self._project_name+"/busybox", tag="latest") - output = self.docker_client.images.push(repository=self.harbor_host+"/"+self._project_name+"/busybox", tag="latest") - if output.find("error")>0 : - self.fail("Should not fail to push image for admin_user") - self.docker_client.images.pull(repository=self.harbor_host+"/"+self._project_name+"/busybox", tag="latest") - - # dev user can push, pull images - def dockerCmdLoginDev(self, username, password, harbor_server=harbor_host): - self.docker_client.login(username=username, password=password, registry=self.harbor_host) - self.docker_client.images.pull("busybox:latest") - image = self.docker_client.images.get("busybox:latest") - image.tag(repository=self.harbor_host+"/"+self._project_name+"/busyboxdev", tag="latest") - output = self.docker_client.images.push(repository=self.harbor_host+"/"+self._project_name+"/busyboxdev", tag="latest") - if output.find("error") >0 : - self.fail("Should not fail to push images for dev_user") - - # guest user can pull images - def dockerCmdLoginGuest(self, username, password, harbor_server=harbor_host): - self.docker_client.login(username=username, password=password, registry=self.harbor_host) - self.docker_client.images.pull("busybox:latest") - image = self.docker_client.images.get("busybox:latest") - image.tag(repository=self.harbor_host+"/"+self._project_name+"/busyboxguest", tag="latest") - output = self.docker_client.images.push(repository=self.harbor_host+"1/"+self._project_name+"/busyboxguest", tag="latest") - if output.find("error")<0 : - self.fail("Should failed to push image for guest user") - self.docker_client.images.pull(repository=self.harbor_host+"/"+self._project_name+"/busybox", tag="latest") - - # check can see his log in current project - def queryUserLogs(self, username, password, status_code=200): - client=dict(endpoint = ADMIN_CLIENT["endpoint"], username = username, password = password) - try: - logs = self.project.get_project_log(self._project_name, status_code, **client) - count = 0 - for log in list(logs): - count = count + 1 - return count - except ApiException as e: - _assert_status_code(status_code, e.status) - return 0 - -if __name__ == '__main__': - unittest.main() +from __future__ import absolute_import +import unittest + +from testutils import harbor_server +from testutils import TEARDOWN +from testutils import ADMIN_CLIENT +from testutils import created_user, created_project +from library.project import Project +from library.user import User +from library.repository import Repository +from library.repository import push_image_to_project +from library.artifact import Artifact +from library.scan import Scan +from library.scanner import Scanner +from library.configurations import Configurations +from library.projectV2 import ProjectV2 + + +class TestAssignRoleToLdapGroup(unittest.TestCase): + @classmethod + def setUp(self): + self.conf= Configurations() + self.project = Project() + self.artifact = Artifact() + self.repo = Repository() + self.scan = Scan() + + @classmethod + def tearDown(self): + print("Case completed") + + def TestAssignRoleToLdapGroup(self): + """ + Test case: + Assign Role To Ldap Group + Test step and expected result: + 1. Set LDAP Auth configurations; + 2. Create a new public project(PA) by Admin; + 3. Add 3 member groups to project(PA); + 4. Push image by each member role; + 5. Verfify that admin_user and dev_user can push image, guest_user can not push image; + 6. Verfify that admin_user, dev_user and guest_user can view logs, test user can not view logs. + 7. Delete repository(RA) by user(UA); + 8. Delete project(PA); + """ + url = ADMIN_CLIENT["endpoint"] + USER_ADMIN=dict(endpoint = url, username = "admin_user", password = "zhu88jie", repo = "hello-world") + USER_DEV=dict(endpoint = url, username = "dev_user", password = "zhu88jie", repo = "alpine") + USER_GUEST=dict(endpoint = url, username = "guest_user", password = "zhu88jie", repo = "busybox") + USER_TEST=dict(endpoint = url, username = "test", password = "123456") + + self.conf.set_configurations_of_ldap(ldap_filter="", ldap_group_attribute_name="cn", ldap_group_base_dn="ou=groups,dc=example,dc=com", + ldap_group_search_filter="objectclass=groupOfNames", ldap_group_search_scope=2, **ADMIN_CLIENT) + + with created_project(metadata={"public": "false"}) as (project_id, project_name): + self.project.add_project_members(project_id, member_role_id = 1, _ldap_group_dn = "cn=harbor_admin,ou=groups,dc=example,dc=com", **ADMIN_CLIENT) + self.project.add_project_members(project_id, member_role_id = 2, _ldap_group_dn = "cn=harbor_dev,ou=groups,dc=example,dc=com", **ADMIN_CLIENT) + self.project.add_project_members(project_id, member_role_id = 3, _ldap_group_dn = "cn=harbor_guest,ou=groups,dc=example,dc=com", **ADMIN_CLIENT) + projects = self.project.get_projects(dict(name=project_name), **USER_ADMIN) + self.assertTrue(len(projects) == 1) + self.assertEqual(1, projects[0].current_user_role_id) + + repo_name_admin, _ = push_image_to_project(project_name, harbor_server, USER_ADMIN["username"], USER_ADMIN["password"], USER_ADMIN["repo"], "latest") + artifacts = self.artifact.list_artifacts(project_name, USER_ADMIN["repo"], **USER_ADMIN) + self.assertTrue(len(artifacts) == 1) + repo_name_dev, _ = push_image_to_project(project_name, harbor_server, USER_DEV["username"], USER_DEV["password"], USER_DEV["repo"], "latest") + artifacts = self.artifact.list_artifacts(project_name, USER_DEV["repo"], **USER_DEV) + self.assertTrue(len(artifacts) == 1) + push_image_to_project(project_name, harbor_server, USER_GUEST["username"], USER_GUEST["password"], USER_GUEST["repo"], "latest") + artifacts = self.artifact.list_artifacts(project_name, USER_GUEST["repo"], **USER_GUEST) + self.assertTrue(len(artifacts) == 0) + + + self.assertTrue(self.project.query_user_logs(project_name, **USER_ADMIN)>0, "admin user can see logs") + self.assertTrue(self.project.query_user_logs(project_name, **USER_DEV)>0, "dev user can see logs") + self.assertTrue(self.project.query_user_logs(project_name, **USER_GUEST)>0, "guest user can see logs") + self.assertTrue(self.project.query_user_logs(project_name, status_code=403, **USER_TEST)==0, "test user can not see any logs") + + self.repo.delete_repoitory(project_name, repo_name_admin.split('/')[1], **USER_ADMIN) + self.repo.delete_repoitory(project_name, repo_name_dev.split('/')[1], **USER_ADMIN) + +if __name__ == '__main__': + unittest.main() \ No newline at end of file diff --git a/tests/apitests/python/test_ldap_admin_role.py b/tests/apitests/python/test_ldap_admin_role.py index 9a573fc35..f1ad2a4d9 100644 --- a/tests/apitests/python/test_ldap_admin_role.py +++ b/tests/apitests/python/test_ldap_admin_role.py @@ -1,73 +1,49 @@ -# coding: utf-8 - -""" - Harbor API - - These APIs provide services for manipulating Harbor project. - - OpenAPI spec version: 1.4.0 - - Generated by: https://github.com/swagger-api/swagger-codegen.git -""" - - from __future__ import absolute_import - -import os -import sys -sys.path.append(os.environ["SWAGGER_CLIENT_PATH"]) - import unittest -import testutils -import swagger_client + +from testutils import harbor_server from testutils import TEARDOWN -from library.base import _random_name +from testutils import ADMIN_CLIENT +from library.user import User from library.project import Project -from swagger_client.models.configurations import Configurations -from pprint import pprint +from library.configurations import Configurations -#Testcase -# Define a LDAP group with harbor admin class TestLdapAdminRole(unittest.TestCase): - """AccessLog unit test stubs""" - product_api = testutils.GetProductApi("admin", "Harbor12345") - project_id = 0 - + @classmethod def setUp(self): - self.project= Project() - self.mike_product_api = Project("mike", "zhu88jie") + url = ADMIN_CLIENT["endpoint"] + self.conf= Configurations() + self.uesr = User() + self.project = Project() + self.USER_MIKE=dict(endpoint = url, username = "mike", password = "zhu88jie") + @classmethod def tearDown(self): + self.project.delete_project(TestLdapAdminRole.project_id, **self.USER_MIKE) print("Case completed") - @unittest.skipIf(TEARDOWN == False, "Test data won't be erased.") - def test_ClearData(self): - if self.project_id > 0 : - self.mike_product_api.delete_project(self.project_id) - def testLdapAdminRole(self): - """Test LdapAdminRole""" - _project_name = _random_name("test-ldap-admin-role") - result = self.product_api.configurations_put(configurations=Configurations(ldap_group_admin_dn="cn=harbor_users,ou=groups,dc=example,dc=com")) + """ + Test case: + LDAP Admin Role + Test step and expected result: + 1. Set LDAP Auth configurations; + 2. Create a new public project(PA) by LDAP user mike; + 3. Check project is created successfully; + 4. Check mike is not admin; + 5. Delete project(PA); + """ - # Create a private project - result = self.project.create_project(_project_name) - # query project with ldap user mike - projects = self.mike_product_api.get_projects(dict(name=_project_name)) + self.conf.set_configurations_of_ldap(ldap_group_admin_dn="cn=harbor_users,ou=groups,dc=example,dc=com", **ADMIN_CLIENT) - print("=================", projects) - self.assertTrue(len(projects) == 1) - self.project_id = projects[0].project_id + TestLdapAdminRole.project_id, project_name = self.project.create_project(metadata = {"public": "false"}, **self.USER_MIKE) + self.project.check_project_name_exist(name=project_name, **self.USER_MIKE) - # check the mike is not admin in Database - user_list = self.product_api.users_get(username="mike") - pprint(user_list[0]) - self.assertFalse(user_list[0].sysadmin_flag) - - pass + _user = self.uesr.get_user_by_name(self.USER_MIKE["username"], **ADMIN_CLIENT) + self.assertFalse(_user.sysadmin_flag) if __name__ == '__main__': - unittest.main() + unittest.main() \ No newline at end of file diff --git a/tests/apitests/python/test_manage_project_member.py b/tests/apitests/python/test_manage_project_member.py index 62924c346..0bde95351 100644 --- a/tests/apitests/python/test_manage_project_member.py +++ b/tests/apitests/python/test_manage_project_member.py @@ -80,7 +80,7 @@ class TestProjects(unittest.TestCase): self.project.check_project_member_not_exist(TestProjects.project_alice_id, user_bob_name, **USER_ALICE_CLIENT) #4.1 Alice Add Bob as a guest member of project(PA) - member_id_bob = self.project.add_project_members(TestProjects.project_alice_id, TestProjects.user_bob_id, member_role_id = 3, **USER_ALICE_CLIENT) + member_id_bob = self.project.add_project_members(TestProjects.project_alice_id, user_id=TestProjects.user_bob_id, member_role_id = 3, **USER_ALICE_CLIENT) #4.2 Check Bob is a guest member of project(PA) self.project.check_project_members_exist(TestProjects.project_alice_id, user_bob_name, expected_member_role_id = 3, user_name = user_bob_name, user_password = user_bob_password, **USER_ALICE_CLIENT) diff --git a/tests/apitests/python/test_project_level_cve_allowlist.py b/tests/apitests/python/test_project_level_cve_allowlist.py index 6dbab8b1a..2a7bb804a 100644 --- a/tests/apitests/python/test_project_level_cve_allowlist.py +++ b/tests/apitests/python/test_project_level_cve_allowlist.py @@ -46,7 +46,7 @@ class TestProjectCVEAllowlist(unittest.TestCase): self.user_ra_id = int(user_ra_id) p_id, _ = self.project.create_project(metadata = {"public": "false"}, **ADMIN_CLIENT) self.project_pa_id = int(p_id) - m_id = self.project.add_project_members(self.project_pa_id, self.user_ra_id, member_role_id=3, **ADMIN_CLIENT) + m_id = self.project.add_project_members(self.project_pa_id, user_id=self.user_ra_id, member_role_id=3, **ADMIN_CLIENT) self.member_id = int(m_id) def tearDown(self): diff --git a/tests/apitests/python/test_push_image_with_special_name.py b/tests/apitests/python/test_push_image_with_special_name.py index b6732219f..93c683e34 100644 --- a/tests/apitests/python/test_push_image_with_special_name.py +++ b/tests/apitests/python/test_push_image_with_special_name.py @@ -63,7 +63,7 @@ class TestProjects(unittest.TestCase): TestProjects.project_sign_image_id, TestProjects.project_sign_image_name = self.project.create_project(metadata = {"public": "false"}, **ADMIN_CLIENT) #3. Add user(UA) as a member of project(PA) with project-admin role; - self.project.add_project_members(TestProjects.project_sign_image_id, TestProjects.user_sign_image_id, **ADMIN_CLIENT) + self.project.add_project_members(TestProjects.project_sign_image_id, user_id=TestProjects.user_sign_image_id, **ADMIN_CLIENT) #4. Get private project of user(UA), user(UA) can see only one private project which is project(PA); self.project.projects_should_exist(dict(public=False), expected_count = 1, diff --git a/tests/apitests/python/test_scan_image_artifact.py b/tests/apitests/python/test_scan_image_artifact.py index 9ec4bedb4..15169c2a5 100644 --- a/tests/apitests/python/test_scan_image_artifact.py +++ b/tests/apitests/python/test_scan_image_artifact.py @@ -66,7 +66,7 @@ class TestProjects(unittest.TestCase): TestProjects.project_scan_image_id, TestProjects.project_scan_image_name = self.project.create_project(metadata = {"public": "false"}, **ADMIN_CLIENT) #3. Add user(UA) as a member of project(PA) with project-admin role; - self.project.add_project_members(TestProjects.project_scan_image_id, TestProjects.user_scan_image_id, **ADMIN_CLIENT) + self.project.add_project_members(TestProjects.project_scan_image_id, user_id=TestProjects.user_scan_image_id, **ADMIN_CLIENT) #4. Get private project of user(UA), user(UA) can see only one private project which is project(PA); self.project.projects_should_exist(dict(public=False), expected_count = 1, diff --git a/tests/apitests/python/test_sign_image.py b/tests/apitests/python/test_sign_image.py index 8742cf6a3..95f5b1aa8 100644 --- a/tests/apitests/python/test_sign_image.py +++ b/tests/apitests/python/test_sign_image.py @@ -64,7 +64,7 @@ class TestProjects(unittest.TestCase): TestProjects.project_sign_image_id, TestProjects.project_sign_image_name = self.project.create_project(metadata = {"public": "false"}, **ADMIN_CLIENT) #3. Add user(UA) as a member of project(PA) with project-admin role; - self.project.add_project_members(TestProjects.project_sign_image_id, TestProjects.user_sign_image_id, **ADMIN_CLIENT) + self.project.add_project_members(TestProjects.project_sign_image_id, user_id=TestProjects.user_sign_image_id, **ADMIN_CLIENT) #4. Get private project of user(UA), user(UA) can see only one private project which is project(PA); self.project.projects_should_exist(dict(public=False), expected_count = 1, diff --git a/tests/apitests/python/test_user_group.py b/tests/apitests/python/test_user_group.py index e2e2e84d0..f727cd0ad 100644 --- a/tests/apitests/python/test_user_group.py +++ b/tests/apitests/python/test_user_group.py @@ -3,10 +3,10 @@ """ Harbor API - These APIs provide services for manipulating Harbor project. + These APIs provide services for manipulating Harbor project. OpenAPI spec version: 1.4.0 - + Generated by: https://github.com/swagger-api/swagger-codegen.git """ @@ -22,8 +22,8 @@ import testutils import swagger_client from swagger_client.rest import ApiException -from swagger_client.models.user_group import UserGroup -from swagger_client.models.configurations import Configurations +from swagger_client.models.user_group import UserGroup +from swagger_client.models.configurations import Configurations from pprint import pprint #Testcase @@ -37,7 +37,7 @@ class TestUserGroup(unittest.TestCase): groupId = 0 def setUp(self): result = self.product_api.configurations_put(configurations=Configurations(ldap_group_attribute_name="cn", ldap_group_base_dn="ou=groups,dc=example,dc=com", ldap_group_search_filter="objectclass=groupOfNames", ldap_group_search_scope=2)) - pprint(result) + pprint(result) pass def tearDown(self): @@ -50,10 +50,10 @@ class TestUserGroup(unittest.TestCase): user_group = UserGroup(group_name="harbor_group123", group_type=1, ldap_group_dn="cn=harbor_group,ou=groups,dc=example,dc=com") result = self.product_api.usergroups_post(usergroup=user_group) pprint(result) - + user_groups = self.product_api.usergroups_get() found = False - + for ug in user_groups : if ug.group_name == "harbor_group123" : found = True diff --git a/tests/apitests/python/testutils.py b/tests/apitests/python/testutils.py index f938c9da0..36927cc19 100644 --- a/tests/apitests/python/testutils.py +++ b/tests/apitests/python/testutils.py @@ -86,7 +86,7 @@ def created_project(name=None, metadata=None, user_id=None, member_role_id=None) project_id, project_name = api.create_project(name=None, metadata=None, **ADMIN_CLIENT) if user_id: - api.add_project_members(project_id, user_id, member_role_id=member_role_id, **ADMIN_CLIENT) + api.add_project_members(project_id, user_id=user_id, member_role_id=member_role_id, **ADMIN_CLIENT) try: yield (project_id, project_name) diff --git a/tests/ci/api_common_install.sh b/tests/ci/api_common_install.sh index 63be2ed02..7072bccd6 100755 --- a/tests/ci/api_common_install.sh +++ b/tests/ci/api_common_install.sh @@ -24,7 +24,7 @@ fi sudo curl -o $DIR/../../tests/apitests/python/mariadb-4.3.1.tgz https://storage.googleapis.com/harbor-builds/bin/charts/mariadb-4.3.1.tgz sudo apt-get update && sudo apt-get install -y --no-install-recommends python-dev openjdk-7-jdk libssl-dev && sudo apt-get autoremove -y && sudo rm -rf /var/lib/apt/lists/* -sudo wget https://bootstrap.pypa.io/get-pip.py && sudo python ./get-pip.py && sudo pip install --ignore-installed urllib3 chardet requests && sudo pip install robotframework==3.0.4 robotframework-httplibrary requests dbbot robotframework-pabot --upgrade +sudo wget https://bootstrap.pypa.io/get-pip.py && sudo python ./get-pip.py && sudo pip install --ignore-installed urllib3 chardet requests && sudo pip install robotframework==3.2.1 robotframework-httplibrary requests --upgrade sudo make swagger_client if [ $GITHUB_TOKEN ]; then diff --git a/tests/ci/api_run.sh b/tests/ci/api_run.sh index 149448d6a..33ad774bf 100755 --- a/tests/ci/api_run.sh +++ b/tests/ci/api_run.sh @@ -30,7 +30,7 @@ set +e docker ps # run db auth api cases if [ "$1" = 'DB' ]; then - pybot -X -v ip:$2 -v HARBOR_PASSWORD:Harbor12345 $DIR/../../tests/robot-cases/Group0-BAT/API_DB.robot + robot -X -v ip:$2 -v HARBOR_PASSWORD:Harbor12345 $DIR/../../tests/robot-cases/Group0-BAT/API_DB.robot elif [ "$1" = 'LDAP' ]; then # run ldap api cases python $DIR/../../tests/configharbor.py -H $IP -u $HARBOR_ADMIN -p $HARBOR_ADMIN_PASSWD -c auth_mode=ldap_auth \ @@ -39,7 +39,7 @@ elif [ "$1" = 'LDAP' ]; then ldap_search_password=admin \ ldap_base_dn=dc=example,dc=com \ ldap_uid=cn - pybot -X -v ip:$2 -v HARBOR_PASSWORD:Harbor12345 $DIR/../../tests/robot-cases/Group0-BAT/API_LDAP.robot + robot -X -v ip:$2 -v HARBOR_PASSWORD:Harbor12345 $DIR/../../tests/robot-cases/Group0-BAT/API_LDAP.robot else rc=999 fi