mirror of
https://github.com/goharbor/harbor.git
synced 2024-11-29 05:35:43 +01:00
Add cosign UI test case
Signed-off-by: Yang Jiao <jiaoya@vmware.com>
This commit is contained in:
parent
cd8d48794a
commit
6e93089845
27
tests/resources/Cosign_Util.robot
Normal file
27
tests/resources/Cosign_Util.robot
Normal file
@ -0,0 +1,27 @@
|
|||||||
|
# Copyright Project Harbor Authors
|
||||||
|
#
|
||||||
|
# Licensed under the Apache License, Version 2.0 (the "License");
|
||||||
|
# you may not use this file except in compliance with the License.
|
||||||
|
# You may obtain a copy of the License at
|
||||||
|
#
|
||||||
|
# http://www.apache.org/licenses/LICENSE-2.0
|
||||||
|
#
|
||||||
|
# Unless required by applicable law or agreed to in writing, software
|
||||||
|
# distributed under the License is distributed on an "AS IS" BASIS,
|
||||||
|
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
|
||||||
|
# See the License for the specific language governing permissions and
|
||||||
|
# limitations under the License
|
||||||
|
|
||||||
|
*** Settings ***
|
||||||
|
Documentation This resource provides helper functions for docker operations
|
||||||
|
Library OperatingSystem
|
||||||
|
Library Process
|
||||||
|
|
||||||
|
*** Keywords ***
|
||||||
|
Cosign Generate Key Pair
|
||||||
|
Remove Files cosign.key cosign.pub
|
||||||
|
Wait Unitl Command Success cosign generate-key-pair
|
||||||
|
|
||||||
|
Cosign Sign
|
||||||
|
[Arguments] ${artifact}
|
||||||
|
Wait Unitl Command Success cosign sign --allow-insecure-registry --key cosign.key ${artifact}
|
@ -22,6 +22,7 @@ ${artifact_action_copy_xpath} //clr-dropdown-menu//div[contains(.,'Copy') and @
|
|||||||
${artifact_achieve_icon} //artifact-list-tab//clr-datagrid//clr-dg-row[contains(.,'sha256')]//clr-dg-cell[1]//clr-tooltip//a
|
${artifact_achieve_icon} //artifact-list-tab//clr-datagrid//clr-dg-row[contains(.,'sha256')]//clr-dg-cell[1]//clr-tooltip//a
|
||||||
${artifact_rows} //artifact-list-tab//clr-datagrid//clr-dg-row[contains(.,'sha256')]
|
${artifact_rows} //artifact-list-tab//clr-datagrid//clr-dg-row[contains(.,'sha256')]
|
||||||
${archive_rows} //artifact-list-tab//clr-datagrid//clr-dg-row[contains(.,'sha256')]//clr-dg-cell[1]//clr-tooltip//a
|
${archive_rows} //artifact-list-tab//clr-datagrid//clr-dg-row[contains(.,'sha256')]//clr-dg-cell[1]//clr-tooltip//a
|
||||||
|
${artifact_list_refresh_btn} //artifact-list-tab//div//span[@class='refresh-btn']
|
||||||
|
|
||||||
${artifact_list_spinner} xpath=//clr-datagrid//clr-spinner
|
${artifact_list_spinner} xpath=//clr-datagrid//clr-spinner
|
||||||
${artifact_tag_component} xpath=//artifact-tag
|
${artifact_tag_component} xpath=//artifact-tag
|
||||||
|
@ -17,10 +17,14 @@ Click Project Public
|
|||||||
Mouse Down //hbr-project-policy-config//input[@name='public']
|
Mouse Down //hbr-project-policy-config//input[@name='public']
|
||||||
Mouse Up //hbr-project-policy-config//input[@name='public']
|
Mouse Up //hbr-project-policy-config//input[@name='public']
|
||||||
|
|
||||||
Click Notary Deployment security
|
Click Notary Deployment Security
|
||||||
Mouse Down //input[@id='content-trust']
|
Mouse Down //input[@id='content-trust']
|
||||||
Mouse Up //input[@id='content-trust']
|
Mouse Up //input[@id='content-trust']
|
||||||
|
|
||||||
|
Click Cosign Deployment Security
|
||||||
|
Mouse Down //input[@id='content-trust-cosign']
|
||||||
|
Mouse Up //input[@id='content-trust-cosign']
|
||||||
|
|
||||||
Click Prevent Running
|
Click Prevent Running
|
||||||
Mouse Down //hbr-project-policy-config//input[@name='prevent-vulnerability-image']
|
Mouse Down //hbr-project-policy-config//input[@name='prevent-vulnerability-image']
|
||||||
Mouse Up //hbr-project-policy-config//input[@name='prevent-vulnerability-image']
|
Mouse Up //hbr-project-policy-config//input[@name='prevent-vulnerability-image']
|
||||||
@ -46,9 +50,12 @@ Project Should Be Public
|
|||||||
[Arguments] ${projectName}
|
[Arguments] ${projectName}
|
||||||
Retry Wait Until Page Contains Element //clr-dg-row[contains(.,'${projectName}')]//clr-dg-cell[contains(.,'Public')]
|
Retry Wait Until Page Contains Element //clr-dg-row[contains(.,'${projectName}')]//clr-dg-cell[contains(.,'Public')]
|
||||||
|
|
||||||
Content Trust Should Be Selected
|
Content Notary Deployment security Be Selected
|
||||||
Checkbox Should Be Selected //input[@id='content-trust']
|
Checkbox Should Be Selected //input[@id='content-trust']
|
||||||
|
|
||||||
|
Content Cosign Deployment security Be Selected
|
||||||
|
Checkbox Should Be Selected //input[@id='content-trust-cosign']
|
||||||
|
|
||||||
Prevent Running Should Be Selected
|
Prevent Running Should Be Selected
|
||||||
Checkbox Should Be Selected //hbr-project-policy-config//input[@name='prevent-vulnerability-image']
|
Checkbox Should Be Selected //hbr-project-policy-config//input[@name='prevent-vulnerability-image']
|
||||||
|
|
||||||
|
@ -376,3 +376,21 @@ Select Storage Quota unit
|
|||||||
[Arguments] ${unit}
|
[Arguments] ${unit}
|
||||||
Select From List By Value ${project_add_storage_quota_unit_id} ${unit}
|
Select From List By Value ${project_add_storage_quota_unit_id} ${unit}
|
||||||
|
|
||||||
|
Should Not Be Signed By Cosign
|
||||||
|
[Arguments] ${tag}
|
||||||
|
Retry Wait Element Visible //clr-dg-row[contains(.,'latest')]//clr-icon[contains(@class,'color-red')]
|
||||||
|
|
||||||
|
Should Be Signed By Cosign
|
||||||
|
[Arguments] ${tag}
|
||||||
|
Retry Wait Element Visible //clr-dg-row[contains(.,'${tag}')]// clr-icon[contains(@class,'signed')]
|
||||||
|
|
||||||
|
Delete Accessory
|
||||||
|
[Arguments] ${tag}
|
||||||
|
Retry Button Click //clr-dg-row[contains(.,'${tag}')]//button[contains(@class,'datagrid-expandable-caret-button')]
|
||||||
|
Retry Button Click //clr-dg-row[contains(.,'${tag}')]//button[contains(@class,'datagrid-action-toggle')]
|
||||||
|
Retry Button Click //div[@id='clr-action-menu1']/button[@class='action-item']
|
||||||
|
Retry Button Click //div[contains(@class,'modal-content')]//button[contains(@class,'btn-danger')]
|
||||||
|
|
||||||
|
Should be Accessory deleted
|
||||||
|
[Arguments] ${tag}
|
||||||
|
Retry Wait Until Page Not Contains Element //clr-dg-row[contains(.,'${tag}')]//button[contains(@class,'datagrid-expandable-caret-button')]
|
@ -74,6 +74,7 @@ Resource Cert-Util.robot
|
|||||||
Resource SeleniumUtil.robot
|
Resource SeleniumUtil.robot
|
||||||
Resource Nightly-Util.robot
|
Resource Nightly-Util.robot
|
||||||
Resource APITest-Util.robot
|
Resource APITest-Util.robot
|
||||||
|
Resource Cosign_Util.robot
|
||||||
Resource TestCaseBody.robot
|
Resource TestCaseBody.robot
|
||||||
|
|
||||||
*** Keywords ***
|
*** Keywords ***
|
||||||
|
@ -863,3 +863,30 @@ Test Case - Carvel Imgpkg Push And Pull To Harbor
|
|||||||
Wait Unitl Command Success docker logout ${ip}
|
Wait Unitl Command Success docker logout ${ip}
|
||||||
Retry File Should Exist ${out_path}/.imgpkg/bundle.yml
|
Retry File Should Exist ${out_path}/.imgpkg/bundle.yml
|
||||||
Retry File Should Exist ${out_path}/.imgpkg/images.yml
|
Retry File Should Exist ${out_path}/.imgpkg/images.yml
|
||||||
|
|
||||||
|
Test Case - Cosign And Cosign Deployment Security Policy
|
||||||
|
[Tags] cosign
|
||||||
|
Init Chrome Driver
|
||||||
|
${user}= Set Variable user006
|
||||||
|
${pwd}= Set Variable Test1@34
|
||||||
|
${d}= Get Current Date result_format=%m%s
|
||||||
|
${image}= Set Variable hello-world
|
||||||
|
${tag}= Set Variable latest
|
||||||
|
Sign In Harbor ${HARBOR_URL} ${user} ${pwd}
|
||||||
|
Create An New Project And Go Into Project project${d}
|
||||||
|
Goto Project Config
|
||||||
|
Click Cosign Deployment Security
|
||||||
|
Save Project Config
|
||||||
|
Content Cosign Deployment security Be Selected
|
||||||
|
|
||||||
|
Push Image With Tag ${ip} ${user} ${pwd} project${d} ${image} ${tag}
|
||||||
|
Go Into Project project${d}
|
||||||
|
Retry Double Keywords When Error Go Into Repo project${d}/${image} Should Not Be Signed By Cosign ${tag}
|
||||||
|
Cannot Pull Image ${ip} ${user} ${pwd} project${d} ${image}:${tag} err_msg=The image is not signed in Cosign.
|
||||||
|
|
||||||
|
Cosign Generate Key Pair
|
||||||
|
Cosign Sign ${ip}/project${d}/${image}:${tag}
|
||||||
|
Retry Double Keywords When Error Retry Element Click ${artifact_list_refresh_btn} Should Be Signed By Cosign ${tag}
|
||||||
|
Pull image ${ip} ${user} ${pwd} project${d} ${image}:${tag}
|
||||||
|
|
||||||
|
Retry Double Keywords When Error Delete Accessory ${tag} Should be Accessory deleted ${tag}
|
@ -31,11 +31,11 @@ Test Case - Project Level Policy Notary Deployment security
|
|||||||
Push Image ${ip} ${HARBOR_ADMIN} ${HARBOR_PASSWORD} project${d} hello-world:latest
|
Push Image ${ip} ${HARBOR_ADMIN} ${HARBOR_PASSWORD} project${d} hello-world:latest
|
||||||
Go Into Project project${d}
|
Go Into Project project${d}
|
||||||
Goto Project Config
|
Goto Project Config
|
||||||
Click Notary Deployment security
|
Click Notary Deployment Security
|
||||||
Save Project Config
|
Save Project Config
|
||||||
# Verify
|
# Verify
|
||||||
# Unsigned image can not be pulled
|
# Unsigned image can not be pulled
|
||||||
Content Trust Should Be Selected
|
Content Notary Deployment security Be Selected
|
||||||
Cannot Pull Image ${ip} ${HARBOR_ADMIN} ${HARBOR_PASSWORD} project${d} hello-world:latest err_msg=The image is not signed in Notary
|
Cannot Pull Image ${ip} ${HARBOR_ADMIN} ${HARBOR_PASSWORD} project${d} hello-world:latest err_msg=The image is not signed in Notary
|
||||||
# Signed image can be pulled
|
# Signed image can be pulled
|
||||||
Body Of Admin Push Signed Image project${d} redis latest ${HARBOR_ADMIN} ${HARBOR_PASSWORD}
|
Body Of Admin Push Signed Image project${d} redis latest ${HARBOR_ADMIN} ${HARBOR_PASSWORD}
|
||||||
|
@ -68,6 +68,9 @@ RUN pwd && mkdir /tool/binary && \
|
|||||||
# Install imgpkg
|
# Install imgpkg
|
||||||
IMGPKG_VERSION=0.22.0 && wget https://github.com/vmware-tanzu/carvel-imgpkg/releases/download/v$IMGPKG_VERSION/imgpkg-linux-amd64 && \
|
IMGPKG_VERSION=0.22.0 && wget https://github.com/vmware-tanzu/carvel-imgpkg/releases/download/v$IMGPKG_VERSION/imgpkg-linux-amd64 && \
|
||||||
mv imgpkg-linux-amd64 /tool/binary/imgpkg && chmod +x /tool/binary/imgpkg && \
|
mv imgpkg-linux-amd64 /tool/binary/imgpkg && chmod +x /tool/binary/imgpkg && \
|
||||||
|
# Install cosign
|
||||||
|
COSIGN_VERSION=1.4.1 && wget https://github.com/sigstore/cosign/releases/download/v$COSIGN_VERSION/cosign-linux-amd64 && \
|
||||||
|
mv cosign-linux-amd64 /tool/binary/cosign && chmod +x /tool/binary/cosign && \
|
||||||
pwd
|
pwd
|
||||||
|
|
||||||
#ubuntu
|
#ubuntu
|
||||||
|
@ -3,6 +3,7 @@
|
|||||||
FROM ubuntu:18.04
|
FROM ubuntu:18.04
|
||||||
ENV LANG C.UTF-8
|
ENV LANG C.UTF-8
|
||||||
ENV HELM_EXPERIMENTAL_OCI=1
|
ENV HELM_EXPERIMENTAL_OCI=1
|
||||||
|
ENV COSIGN_PASSWORD=Harbor12345
|
||||||
RUN apt-get update && apt-get install -y --no-install-recommends wget curl gnupg2
|
RUN apt-get update && apt-get install -y --no-install-recommends wget curl gnupg2
|
||||||
RUN apt-get install libseccomp2
|
RUN apt-get install libseccomp2
|
||||||
RUN wget --no-check-certificate -q -O - https://dl-ssl.google.com/linux/linux_signing_key.pub | apt-key add -
|
RUN wget --no-check-certificate -q -O - https://dl-ssl.google.com/linux/linux_signing_key.pub | apt-key add -
|
||||||
@ -35,8 +36,8 @@ RUN pip3 install --upgrade pip pyasn1 google-apitools==0.5.31 gsutil \
|
|||||||
requests dbbot robotframework-seleniumlibrary==4.3.0 robotframework-pabot \
|
requests dbbot robotframework-seleniumlibrary==4.3.0 robotframework-pabot \
|
||||||
robotframework-JSONLibrary hurry.filesize --upgrade && \
|
robotframework-JSONLibrary hurry.filesize --upgrade && \
|
||||||
apt-get clean all
|
apt-get clean all
|
||||||
# Because the old version of chromedriver can’t download files, upgrade it to version 93.0.4577.15, which can download files normally.
|
# Upgrade chromedriver version to 97.0.4692.71
|
||||||
RUN wget -N http://chromedriver.storage.googleapis.com/95.0.4638.54/chromedriver_linux64.zip && \
|
RUN wget -N http://chromedriver.storage.googleapis.com/97.0.4692.71/chromedriver_linux64.zip && \
|
||||||
unzip chromedriver_linux64.zip && \
|
unzip chromedriver_linux64.zip && \
|
||||||
chmod +x chromedriver && \
|
chmod +x chromedriver && \
|
||||||
mv -f chromedriver /usr/local/share/chromedriver && \
|
mv -f chromedriver /usr/local/share/chromedriver && \
|
||||||
|
Loading…
Reference in New Issue
Block a user