Add cosign UI test case

Signed-off-by: Yang Jiao <jiaoya@vmware.com>
This commit is contained in:
Yang Jiao 2022-01-17 07:40:49 +00:00
parent cd8d48794a
commit 6e93089845
9 changed files with 91 additions and 6 deletions

View File

@ -0,0 +1,27 @@
# Copyright Project Harbor Authors
#
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
# You may obtain a copy of the License at
#
# http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS,
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
# See the License for the specific language governing permissions and
# limitations under the License
*** Settings ***
Documentation This resource provides helper functions for docker operations
Library OperatingSystem
Library Process
*** Keywords ***
Cosign Generate Key Pair
Remove Files cosign.key cosign.pub
Wait Unitl Command Success cosign generate-key-pair
Cosign Sign
[Arguments] ${artifact}
Wait Unitl Command Success cosign sign --allow-insecure-registry --key cosign.key ${artifact}

View File

@ -22,6 +22,7 @@ ${artifact_action_copy_xpath} //clr-dropdown-menu//div[contains(.,'Copy') and @
${artifact_achieve_icon} //artifact-list-tab//clr-datagrid//clr-dg-row[contains(.,'sha256')]//clr-dg-cell[1]//clr-tooltip//a
${artifact_rows} //artifact-list-tab//clr-datagrid//clr-dg-row[contains(.,'sha256')]
${archive_rows} //artifact-list-tab//clr-datagrid//clr-dg-row[contains(.,'sha256')]//clr-dg-cell[1]//clr-tooltip//a
${artifact_list_refresh_btn} //artifact-list-tab//div//span[@class='refresh-btn']
${artifact_list_spinner} xpath=//clr-datagrid//clr-spinner
${artifact_tag_component} xpath=//artifact-tag

View File

@ -17,10 +17,14 @@ Click Project Public
Mouse Down //hbr-project-policy-config//input[@name='public']
Mouse Up //hbr-project-policy-config//input[@name='public']
Click Notary Deployment security
Click Notary Deployment Security
Mouse Down //input[@id='content-trust']
Mouse Up //input[@id='content-trust']
Click Cosign Deployment Security
Mouse Down //input[@id='content-trust-cosign']
Mouse Up //input[@id='content-trust-cosign']
Click Prevent Running
Mouse Down //hbr-project-policy-config//input[@name='prevent-vulnerability-image']
Mouse Up //hbr-project-policy-config//input[@name='prevent-vulnerability-image']
@ -46,9 +50,12 @@ Project Should Be Public
[Arguments] ${projectName}
Retry Wait Until Page Contains Element //clr-dg-row[contains(.,'${projectName}')]//clr-dg-cell[contains(.,'Public')]
Content Trust Should Be Selected
Content Notary Deployment security Be Selected
Checkbox Should Be Selected //input[@id='content-trust']
Content Cosign Deployment security Be Selected
Checkbox Should Be Selected //input[@id='content-trust-cosign']
Prevent Running Should Be Selected
Checkbox Should Be Selected //hbr-project-policy-config//input[@name='prevent-vulnerability-image']

View File

@ -376,3 +376,21 @@ Select Storage Quota unit
[Arguments] ${unit}
Select From List By Value ${project_add_storage_quota_unit_id} ${unit}
Should Not Be Signed By Cosign
[Arguments] ${tag}
Retry Wait Element Visible //clr-dg-row[contains(.,'latest')]//clr-icon[contains(@class,'color-red')]
Should Be Signed By Cosign
[Arguments] ${tag}
Retry Wait Element Visible //clr-dg-row[contains(.,'${tag}')]// clr-icon[contains(@class,'signed')]
Delete Accessory
[Arguments] ${tag}
Retry Button Click //clr-dg-row[contains(.,'${tag}')]//button[contains(@class,'datagrid-expandable-caret-button')]
Retry Button Click //clr-dg-row[contains(.,'${tag}')]//button[contains(@class,'datagrid-action-toggle')]
Retry Button Click //div[@id='clr-action-menu1']/button[@class='action-item']
Retry Button Click //div[contains(@class,'modal-content')]//button[contains(@class,'btn-danger')]
Should be Accessory deleted
[Arguments] ${tag}
Retry Wait Until Page Not Contains Element //clr-dg-row[contains(.,'${tag}')]//button[contains(@class,'datagrid-expandable-caret-button')]

View File

@ -74,6 +74,7 @@ Resource Cert-Util.robot
Resource SeleniumUtil.robot
Resource Nightly-Util.robot
Resource APITest-Util.robot
Resource Cosign_Util.robot
Resource TestCaseBody.robot
*** Keywords ***

View File

@ -863,3 +863,30 @@ Test Case - Carvel Imgpkg Push And Pull To Harbor
Wait Unitl Command Success docker logout ${ip}
Retry File Should Exist ${out_path}/.imgpkg/bundle.yml
Retry File Should Exist ${out_path}/.imgpkg/images.yml
Test Case - Cosign And Cosign Deployment Security Policy
[Tags] cosign
Init Chrome Driver
${user}= Set Variable user006
${pwd}= Set Variable Test1@34
${d}= Get Current Date result_format=%m%s
${image}= Set Variable hello-world
${tag}= Set Variable latest
Sign In Harbor ${HARBOR_URL} ${user} ${pwd}
Create An New Project And Go Into Project project${d}
Goto Project Config
Click Cosign Deployment Security
Save Project Config
Content Cosign Deployment security Be Selected
Push Image With Tag ${ip} ${user} ${pwd} project${d} ${image} ${tag}
Go Into Project project${d}
Retry Double Keywords When Error Go Into Repo project${d}/${image} Should Not Be Signed By Cosign ${tag}
Cannot Pull Image ${ip} ${user} ${pwd} project${d} ${image}:${tag} err_msg=The image is not signed in Cosign.
Cosign Generate Key Pair
Cosign Sign ${ip}/project${d}/${image}:${tag}
Retry Double Keywords When Error Retry Element Click ${artifact_list_refresh_btn} Should Be Signed By Cosign ${tag}
Pull image ${ip} ${user} ${pwd} project${d} ${image}:${tag}
Retry Double Keywords When Error Delete Accessory ${tag} Should be Accessory deleted ${tag}

View File

@ -31,11 +31,11 @@ Test Case - Project Level Policy Notary Deployment security
Push Image ${ip} ${HARBOR_ADMIN} ${HARBOR_PASSWORD} project${d} hello-world:latest
Go Into Project project${d}
Goto Project Config
Click Notary Deployment security
Click Notary Deployment Security
Save Project Config
# Verify
# Unsigned image can not be pulled
Content Trust Should Be Selected
Content Notary Deployment security Be Selected
Cannot Pull Image ${ip} ${HARBOR_ADMIN} ${HARBOR_PASSWORD} project${d} hello-world:latest err_msg=The image is not signed in Notary
# Signed image can be pulled
Body Of Admin Push Signed Image project${d} redis latest ${HARBOR_ADMIN} ${HARBOR_PASSWORD}

View File

@ -68,6 +68,9 @@ RUN pwd && mkdir /tool/binary && \
# Install imgpkg
IMGPKG_VERSION=0.22.0 && wget https://github.com/vmware-tanzu/carvel-imgpkg/releases/download/v$IMGPKG_VERSION/imgpkg-linux-amd64 && \
mv imgpkg-linux-amd64 /tool/binary/imgpkg && chmod +x /tool/binary/imgpkg && \
# Install cosign
COSIGN_VERSION=1.4.1 && wget https://github.com/sigstore/cosign/releases/download/v$COSIGN_VERSION/cosign-linux-amd64 && \
mv cosign-linux-amd64 /tool/binary/cosign && chmod +x /tool/binary/cosign && \
pwd
#ubuntu

View File

@ -3,6 +3,7 @@
FROM ubuntu:18.04
ENV LANG C.UTF-8
ENV HELM_EXPERIMENTAL_OCI=1
ENV COSIGN_PASSWORD=Harbor12345
RUN apt-get update && apt-get install -y --no-install-recommends wget curl gnupg2
RUN apt-get install libseccomp2
RUN wget --no-check-certificate -q -O - https://dl-ssl.google.com/linux/linux_signing_key.pub | apt-key add -
@ -35,8 +36,8 @@ RUN pip3 install --upgrade pip pyasn1 google-apitools==0.5.31 gsutil \
requests dbbot robotframework-seleniumlibrary==4.3.0 robotframework-pabot \
robotframework-JSONLibrary hurry.filesize --upgrade && \
apt-get clean all
# Because the old version of chromedriver cant download files, upgrade it to version 93.0.4577.15, which can download files normally.
RUN wget -N http://chromedriver.storage.googleapis.com/95.0.4638.54/chromedriver_linux64.zip && \
# Upgrade chromedriver version to 97.0.4692.71
RUN wget -N http://chromedriver.storage.googleapis.com/97.0.4692.71/chromedriver_linux64.zip && \
unzip chromedriver_linux64.zip && \
chmod +x chromedriver && \
mv -f chromedriver /usr/local/share/chromedriver && \