Add cosign UI test case

Signed-off-by: Yang Jiao <jiaoya@vmware.com>

tests/resources/Cosign_Util.robot

@@ -0,0 +1,27 @@
+# Copyright Project Harbor Authors
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+#	http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License
+
+*** Settings ***
+Documentation  This resource provides helper functions for docker operations
+Library  OperatingSystem
+Library  Process
+
+*** Keywords ***
+Cosign Generate Key Pair
+    Remove Files  cosign.key  cosign.pub
+    Wait Unitl Command Success  cosign generate-key-pair
+
+Cosign Sign
+    [Arguments]  ${artifact}
+    Wait Unitl Command Success  cosign sign --allow-insecure-registry --key cosign.key ${artifact}

tests/resources/Harbor-Pages/Project-Artifact-Elements.robot

@@ -22,6 +22,7 @@ ${artifact_action_copy_xpath}  //clr-dropdown-menu//div[contains(.,'Copy') and @
 ${artifact_achieve_icon}  //artifact-list-tab//clr-datagrid//clr-dg-row[contains(.,'sha256')]//clr-dg-cell[1]//clr-tooltip//a
 ${artifact_rows}  //artifact-list-tab//clr-datagrid//clr-dg-row[contains(.,'sha256')]
 ${archive_rows}  //artifact-list-tab//clr-datagrid//clr-dg-row[contains(.,'sha256')]//clr-dg-cell[1]//clr-tooltip//a
+${artifact_list_refresh_btn}  //artifact-list-tab//div//span[@class='refresh-btn']
 
 ${artifact_list_spinner}   xpath=//clr-datagrid//clr-spinner
 ${artifact_tag_component}   xpath=//artifact-tag

tests/resources/Harbor-Pages/Project-Config.robot

@@ -17,10 +17,14 @@ Click Project Public
     Mouse Down  //hbr-project-policy-config//input[@name='public']
     Mouse Up  //hbr-project-policy-config//input[@name='public']
 
-Click Notary Deployment security
+Click Notary Deployment Security
     Mouse Down  //input[@id='content-trust']
     Mouse Up  //input[@id='content-trust']
 
+Click Cosign Deployment Security
+    Mouse Down  //input[@id='content-trust-cosign']
+    Mouse Up  //input[@id='content-trust-cosign']
+
 Click Prevent Running
     Mouse Down  //hbr-project-policy-config//input[@name='prevent-vulnerability-image']
     Mouse Up  //hbr-project-policy-config//input[@name='prevent-vulnerability-image']
@@ -46,9 +50,12 @@ Project Should Be Public
     [Arguments]  ${projectName}
     Retry Wait Until Page Contains Element  //clr-dg-row[contains(.,'${projectName}')]//clr-dg-cell[contains(.,'Public')]
 
-Content Trust Should Be Selected
+Content Notary Deployment security Be Selected
     Checkbox Should Be Selected  //input[@id='content-trust']
 
+Content Cosign Deployment security Be Selected
+    Checkbox Should Be Selected  //input[@id='content-trust-cosign']
+
 Prevent Running Should Be Selected
     Checkbox Should Be Selected  //hbr-project-policy-config//input[@name='prevent-vulnerability-image']
 

tests/resources/Harbor-Pages/Project.robot

@@ -376,3 +376,21 @@ Select Storage Quota unit
     [Arguments]  ${unit}
     Select From List By Value  ${project_add_storage_quota_unit_id}  ${unit}
 
+Should Not Be Signed By Cosign
+    [Arguments]  ${tag}
+    Retry Wait Element Visible  //clr-dg-row[contains(.,'latest')]//clr-icon[contains(@class,'color-red')]
+
+Should Be Signed By Cosign
+    [Arguments]  ${tag}
+    Retry Wait Element Visible  //clr-dg-row[contains(.,'${tag}')]// clr-icon[contains(@class,'signed')]
+
+Delete Accessory
+    [Arguments]  ${tag}
+    Retry Button Click  //clr-dg-row[contains(.,'${tag}')]//button[contains(@class,'datagrid-expandable-caret-button')]
+    Retry Button Click  //clr-dg-row[contains(.,'${tag}')]//button[contains(@class,'datagrid-action-toggle')]
+    Retry Button Click  //div[@id='clr-action-menu1']/button[@class='action-item']
+    Retry Button Click  //div[contains(@class,'modal-content')]//button[contains(@class,'btn-danger')]
+
+Should be Accessory deleted
+    [Arguments]  ${tag}
+    Retry Wait Until Page Not Contains Element  //clr-dg-row[contains(.,'${tag}')]//button[contains(@class,'datagrid-expandable-caret-button')]

tests/resources/Util.robot

@@ -74,6 +74,7 @@ Resource  Cert-Util.robot
 Resource  SeleniumUtil.robot
 Resource  Nightly-Util.robot
 Resource  APITest-Util.robot
+Resource  Cosign_Util.robot
 Resource  TestCaseBody.robot
 
 *** Keywords ***

tests/robot-cases/Group1-Nightly/Common.robot

@@ -863,3 +863,30 @@ Test Case - Carvel Imgpkg Push And Pull To Harbor
     Wait Unitl Command Success  docker logout ${ip}
     Retry File Should Exist  ${out_path}/.imgpkg/bundle.yml
     Retry File Should Exist  ${out_path}/.imgpkg/images.yml
+
+Test Case - Cosign And Cosign Deployment Security Policy
+    [Tags]  cosign
+    Init Chrome Driver
+    ${user}=  Set Variable  user006
+    ${pwd}=  Set Variable  Test1@34
+    ${d}=  Get Current Date  result_format=%m%s
+    ${image}=  Set Variable  hello-world
+    ${tag}=  Set Variable  latest
+    Sign In Harbor  ${HARBOR_URL}  ${user}  ${pwd}
+    Create An New Project And Go Into Project  project${d}
+    Goto Project Config
+    Click Cosign Deployment Security
+    Save Project Config
+    Content Cosign Deployment security Be Selected
+
+    Push Image With Tag  ${ip}  ${user}  ${pwd}  project${d}  ${image}  ${tag}
+    Go Into Project  project${d}
+    Retry Double Keywords When Error  Go Into Repo  project${d}/${image}  Should Not Be Signed By Cosign  ${tag}
+    Cannot Pull Image  ${ip}  ${user}  ${pwd}  project${d}  ${image}:${tag}  err_msg=The image is not signed in Cosign.
+    
+    Cosign Generate Key Pair
+    Cosign Sign  ${ip}/project${d}/${image}:${tag}
+    Retry Double Keywords When Error  Retry Element Click  ${artifact_list_refresh_btn}  Should Be Signed By Cosign  ${tag}
+    Pull image  ${ip}  ${user}  ${pwd}  project${d}  ${image}:${tag}
+
+    Retry Double Keywords When Error  Delete Accessory  ${tag}  Should be Accessory deleted  ${tag}

tests/robot-cases/Group1-Nightly/Notary.robot

@@ -31,11 +31,11 @@ Test Case - Project Level Policy Notary Deployment security
     Push Image  ${ip}  ${HARBOR_ADMIN}  ${HARBOR_PASSWORD}  project${d}  hello-world:latest
     Go Into Project  project${d}
     Goto Project Config
-    Click Notary Deployment security
+    Click Notary Deployment Security
     Save Project Config
     # Verify
     # Unsigned image can not be pulled
-    Content Trust Should Be Selected
+    Content Notary Deployment security Be Selected
     Cannot Pull Image  ${ip}  ${HARBOR_ADMIN}  ${HARBOR_PASSWORD}  project${d}  hello-world:latest  err_msg=The image is not signed in Notary
     # Signed image can be pulled
     Body Of Admin Push Signed Image  project${d}  redis  latest  ${HARBOR_ADMIN}  ${HARBOR_PASSWORD}

tests/test-engine-image/Dockerfile.common

@@ -68,6 +68,9 @@ RUN pwd && mkdir /tool/binary && \
     # Install imgpkg
     IMGPKG_VERSION=0.22.0 && wget https://github.com/vmware-tanzu/carvel-imgpkg/releases/download/v$IMGPKG_VERSION/imgpkg-linux-amd64 && \
     mv imgpkg-linux-amd64 /tool/binary/imgpkg && chmod +x /tool/binary/imgpkg && \
+    # Install cosign
+    COSIGN_VERSION=1.4.1 && wget https://github.com/sigstore/cosign/releases/download/v$COSIGN_VERSION/cosign-linux-amd64 && \
+    mv cosign-linux-amd64 /tool/binary/cosign && chmod +x /tool/binary/cosign && \
     pwd
 
 #ubuntu

tests/test-engine-image/Dockerfile.ui_test

@@ -3,6 +3,7 @@
 FROM ubuntu:18.04
 ENV LANG C.UTF-8
 ENV HELM_EXPERIMENTAL_OCI=1
+ENV COSIGN_PASSWORD=Harbor12345
 RUN apt-get update && apt-get install -y --no-install-recommends wget curl gnupg2
 RUN apt-get install libseccomp2
 RUN wget  --no-check-certificate -q -O - https://dl-ssl.google.com/linux/linux_signing_key.pub | apt-key add -
@@ -35,8 +36,8 @@ RUN pip3 install --upgrade pip pyasn1 google-apitools==0.5.31 gsutil \
     requests dbbot robotframework-seleniumlibrary==4.3.0 robotframework-pabot \
     robotframework-JSONLibrary hurry.filesize --upgrade && \
     apt-get clean all
-# Because the old version of chromedriver can’t download files, upgrade it to version 93.0.4577.15, which can download files normally.
+# Upgrade chromedriver version to 97.0.4692.71
-RUN wget -N http://chromedriver.storage.googleapis.com/95.0.4638.54/chromedriver_linux64.zip && \
+RUN wget -N http://chromedriver.storage.googleapis.com/97.0.4692.71/chromedriver_linux64.zip && \
     unzip chromedriver_linux64.zip && \
     chmod +x chromedriver && \
     mv -f chromedriver /usr/local/share/chromedriver && \