From 76cbcfcbb91aa293a4a11a9cd9fd7b07330eaafa Mon Sep 17 00:00:00 2001 From: "Danfeng Liu (c)" Date: Tue, 29 Oct 2019 18:18:05 +0800 Subject: [PATCH] Refect upgrade script, population will be distinguished by harbor version. Signed-off-by: Danfeng Liu (c) --- .../resources/Harbor-Pages/Replication.robot | 5 + tests/resources/Harbor-Pages/Verify.robot | 48 ++- tests/resources/Util.robot | 2 +- tests/robot-cases/Group3-Upgrade/data.json | 162 +++++++++- .../Group3-Upgrade/feature_map.json | 192 ++++++++++++ tests/robot-cases/Group3-Upgrade/prepare.py | 288 +++++++++++++++--- .../robot-cases/Group3-Upgrade/prepare_v17.py | 193 ------------ tests/robot-cases/Group3-Upgrade/verify.robot | 28 ++ 8 files changed, 651 insertions(+), 267 deletions(-) create mode 100644 tests/robot-cases/Group3-Upgrade/feature_map.json delete mode 100644 tests/robot-cases/Group3-Upgrade/prepare_v17.py diff --git a/tests/resources/Harbor-Pages/Replication.robot b/tests/resources/Harbor-Pages/Replication.robot index 6ca9d2eba..14366eb01 100644 --- a/tests/resources/Harbor-Pages/Replication.robot +++ b/tests/resources/Harbor-Pages/Replication.robot @@ -226,6 +226,11 @@ Select Rule And Replicate Retry Element Click ${replication_exec_id} Retry Double Keywords When Error Retry Element Click xpath=${dialog_replicate} Retry Wait Until Page Not Contains Element xpath=${dialog_replicate} +Select Rule And Click Edit Button + [Arguments] ${rule_name} + Retry Element Click //clr-dg-row[contains(.,'${rule_name}')]//clr-radio-wrapper/label + Retry Element Click ${edit_replication_rule_id} + Delete Replication Rule [Arguments] ${name} Retry Element Click ${endpoint_filter_search} diff --git a/tests/resources/Harbor-Pages/Verify.robot b/tests/resources/Harbor-Pages/Verify.robot index 00616e84a..f113f3ca7 100644 --- a/tests/resources/Harbor-Pages/Verify.robot +++ b/tests/resources/Harbor-Pages/Verify.robot @@ -26,7 +26,7 @@ Verify Project Init Chrome Driver Sign In Harbor ${HARBOR_URL} ${HARBOR_ADMIN} ${HARBOR_PASSWORD} :FOR ${project} IN @{project} - \ Page Should Contain ${project} + \ Retry Wait Until Page Contains ${project} Verify Project Metadata ${json} Close Browser @@ -56,10 +56,10 @@ Verify Project Metadata \ Switch To Project Configuration \ Verify Checkbox ${json} $.projects[?(@.name=${project})].configuration.public ${project_config_public_checkbox} \ Verify Checkbox ${json} $.projects[?(@.name=${project})].configuration.enable_content_trust ${project_config_content_trust_checkbox} - \ Verify Checkbox ${json} $.projects[?(@.name=${project})].configuration.automatically_scan_images_on_push ${project_config_scan_images_on_push_checkbox} - \ Verify Checkbox ${json} $.projects[?(@.name=${project})].configuration.prevent_vulnerable_images_from_running ${project_config_prevent_vulnerable_images_from_running_checkbox} + \ Verify Checkbox ${json} $.projects[?(@.name=${project})].configuration.auto_scan ${project_config_scan_images_on_push_checkbox} + \ Verify Checkbox ${json} $.projects[?(@.name=${project})].configuration.prevent_vul ${project_config_prevent_vulnerable_images_from_running_checkbox} \ ${ret} Get Selected List Value ${project_config_severity_select} - \ @{severity}= Get Value From Json ${json} $.projects[?(@.name=${project})].configuration.prevent_vlunerable_images_from_running_severity + \ @{severity}= Get Value From Json ${json} $.projects[?(@.name=${project})].configuration.severity \ Should Contain ${ret} @{severity}[0] \ Navigate To Projects Close Browser @@ -145,12 +145,40 @@ Verify Endpoint Verify Replicationrule [Arguments] ${json} - @{replicationrule}= Get Value From Json ${json} $.replicationrule..name - Init Chrome Driver - Sign In Harbor ${HARBOR_URL} ${HARBOR_ADMIN} ${HARBOR_PASSWORD} - Switch To Replication Manage - :For ${replicationrule} IN @{replicationrule} - \ Page Should Contain ${replicationrule} + @{replicationrules}= Get Value From Json ${json} $.replicationrule.[*].rulename + @{endpoints}= Get Value From Json ${json} $.endpoint.[*].name + : FOR ${replicationrule} IN @{replicationrules} + \ Init Chrome Driver + \ Log To Console -----replicationrule-----"${replicationrule}"------------ + \ Sign In Harbor ${HARBOR_URL} ${HARBOR_ADMIN} ${HARBOR_PASSWORD} + \ Switch To Replication Manage + \ Select Rule And Click Edit Button ${replicationrule} + \ @{is_src_registry}= Get Value From Json ${json} $.replicationrule[?(@.rulename=${replicationrule})].is_src_registry + \ @{trigger_type}= Get Value From Json ${json} $.replicationrule[?(@.rulename=${replicationrule})].trigger_type + \ @{name_filters}= Get Value From Json ${json} $.replicationrule[?(@.rulename=${replicationrule})].name_filters + \ @{tag_filters}= Get Value From Json ${json} $.replicationrule[?(@.rulename=${replicationrule})].tag_filters + \ @{dest_namespace}= Get Value From Json ${json} $.replicationrule[?(@.rulename=${replicationrule})].dest_namespace + \ @{cron}= Get Value From Json ${json} $.replicationrule[?(@.rulename=${replicationrule})].cron + \ @{is_src_registry}= Get Value From Json ${json} $.replicationrule[?(@.rulename=${replicationrule})].is_src_registry + \ Log To Console -----is_src_registry-----@{is_src_registry}[0]------------ + \ @{endpoint}= Get Value From Json ${json} $.replicationrule[?(@.rulename=${replicationrule})].endpoint + \ Log To Console -----endpoint-----@{endpoint}------------ + \ ${endpoint0}= Set Variable @{endpoint}[0] + \ Log To Console -----endpoint0-----${endpoint0}------------ + \ @{endpoint_type}= Get Value From Json ${json} $.endpoint[?(@.name=${endpoint0})].type + \ Retry Textfield Value Should Be ${source_project} @{name_filters}[0] + \ Retry Textfield Value Should Be ${filter_tag} @{tag_filters}[0] + \ Retry Textfield Value Should Be ${rule_name_input} ${replicationrule} + \ Retry Textfield Value Should Be ${dest_namespace_xpath} @{dest_namespace}[0] + \ Log To Console -----endpoint_type-----@{endpoint_type}[0]------------ + \ ${registry}= Set Variable If "@{endpoint_type}[0]"=="harbor" ${endpoint0}-https://${IP} ${endpoint0}-https://hub.docker.com + \ Log To Console -------registry---${registry}------------ + \ Run Keyword If '@{is_src_registry}[0]' == '${true}' Retry List Selection Should Be ${src_registry_dropdown_list} ${registry} + \ ... ELSE Retry List Selection Should Be ${dest_registry_dropdown_list} ${registry} + \ #\ Retry List Selection Should Be ${rule_resource_selector} ${resource_type} + \ Retry List Selection Should Be ${rule_trigger_select} @{trigger_type}[0] + \ Run Keyword If '@{trigger_type}[0]' == 'scheduled' Log To Console ----------@{trigger_type}[0]------------ + \ Run Keyword If '@{trigger_type}[0]' == 'scheduled' Retry Textfield Value Should Be ${targetCron_id} @{cron}[0] Close Browser Verify Project Setting diff --git a/tests/resources/Util.robot b/tests/resources/Util.robot index f2b267f78..0b282a44e 100644 --- a/tests/resources/Util.robot +++ b/tests/resources/Util.robot @@ -226,7 +226,7 @@ Command Should be Failed Retry Keyword When Error [Arguments] ${keyword} @{elements} :For ${n} IN RANGE 1 6 - \ Log To Console Trying ${keyword} ${n} times ... + \ Log To Console Trying ${keyword} elements @{elements} ${n} times ... \ ${out} Run Keyword And Ignore Error ${keyword} @{elements} \ Log To Console Return value is ${out[0]} \ Exit For Loop If '${out[0]}'=='PASS' diff --git a/tests/robot-cases/Group3-Upgrade/data.json b/tests/robot-cases/Group3-Upgrade/data.json index 07317ee3a..42caffd73 100644 --- a/tests/robot-cases/Group3-Upgrade/data.json +++ b/tests/robot-cases/Group3-Upgrade/data.json @@ -31,24 +31,53 @@ "url":"http://url", "name":"endpoint1", "user":"admin", - "pass":"Harbor12345" - } + "pass":"Harbor12345", + "insecure":true, + "type":"harbor" + }, + { + "url":"https://hub.docker.com", + "name":"endpoint2", + "user":"", + "pass":"", + "insecure":false, + "type":"docker-hub" + } ], "replicationrule":[ { "project":"project1", "endpoint":"endpoint1", "trigger":"Manual", - "rulename":"rulename" + "rulename":"rulename", + "is_src_registry":false, + "dest_namespace":"rule1-namespace", + "trigger_type":"event_based", + "cron":"", + "deletion":true, + "enabled":true, + "override":true, + "name_filters":"namefilter1", + "tag_filters":"tagfilter1" }, { "project":"library", - "endpoint":"endpoint1", + "endpoint":"endpoint2", "trigger":"Manual", - "rulename":"rulelibrary" - } - ], - "configuration":{ + "rulename":"rulelibrary", + "endpoint_type":"harbor", + "is_src_registry":true, + "dest_namespace":"rule2-namespace", + "trigger_type":"scheduled", + "cron":"6 7 8 * * *", + "deletion":false, + "enabled":true, + "override":true, + "name_filters":"namefilter2", + "tag_filters":"tagfilter2" + } + ], + "configuration":{ "authmode":"Database", "projectcreation":"everyone", "selfreg":false, @@ -68,6 +97,25 @@ "daily":0 } }, + "deployment_security":{ + "cve":[ + { + "id":"CVE-2019-12904" + }, + { + "id":"CVE-2011-3389" + }, + { + "id":"CVE-2018-12886" + }, + { + "id":"CVE-2019-3844" + } + ], + "never_expires":false, + "expires_at":"2572969600" + }, + "webhooks_enabled":true, "syslabel":[ { "name":"label1" @@ -121,6 +169,10 @@ "role":3 } ], + "count_limit":1234, + "storage_limit":53687091200, + "storage_limit_for_verify":50, + "storage_unit_for_verify":"GB", "replications":{ "rulename":"ruleproject1", "endpointname":"endpoint1", @@ -143,12 +195,50 @@ "operation":"create" } ], + "robot_account":[ + { + "name":"robot0", + "access": [ + { + "action": "pull" + }, + { + "action": "push" + } + ] + } + ], + "webhook":{ + "address":"https://1.1.1.1", + "skip_cert_verify":true, + "auth_header":"aaa", + "enabled":true + }, "configuration":{ "public":"true", "enable_content_trust":"true", - "automatically_scan_images_on_push":"true", - "prevent_vulnerable_images_from_running":"true", - "prevent_vlunerable_images_from_running_severity":"high" + "auto_scan":"true", + "prevent_vul":"true", + "severity":"high", + "reuse_sys_cve_whitelist":"false", + "deployment_security":{ + "cve":[ + { + "id":"CVE-2019-111" + }, + { + "id":"CVE-2011-2222" + }, + { + "id":"CVE-2018-33333" + }, + { + "id":"CVE-2019-44444" + } + ], + "never_expires":false, + "expires_at":"2572969600" + } } }, { @@ -182,6 +272,10 @@ "role":3 } ], + "count_limit":-1, + "storage_limit":32985348833280, + "storage_limit_for_verify":30, + "storage_unit_for_verify":"TB", "replications":{ "rulename":"rulename1", "endpointname":"endpoint1", @@ -204,12 +298,52 @@ "operation":"create" } ], + "robot_account":[ + { + "name":"robot1", + "access": [ + { + "action": "pull" + }, + { + "action": "push" + } + ] + }, + { + "name":"robot2", + "access": [ + { + "action": "pull" + } + ] + }, + { + "name":"robot3", + "access": [ + { + "action": "push" + } + ] + } + ], + "webhook":{ + "address":"https://1.1.1.1", + "skip_cert_verify":true, + "auth_header":"aaa", + "enabled":true + }, "configuration":{ "public":"false", "enable_content_trust":"false", - "automatically_scan_images_on_push":"false", - "prevent_vulnerable_images_from_running":"true", - "prevent_vlunerable_images_from_running_severity":"medium" + "auto_scan":"false", + "prevent_vul":"true", + "severity":"medium", + "reuse_sys_cve_whitelist":"true", + "deployment_security":{ + "cve":[ + ] + } } } ] diff --git a/tests/robot-cases/Group3-Upgrade/feature_map.json b/tests/robot-cases/Group3-Upgrade/feature_map.json new file mode 100644 index 000000000..6e891c9ea --- /dev/null +++ b/tests/robot-cases/Group3-Upgrade/feature_map.json @@ -0,0 +1,192 @@ +{ + "create_project":[ + { + "branch":1, + "version":"1.4" + }, + { + "branch":1, + "version":"1.6" + }, + { + "branch":1, + "version":"1.7" + }, + { + "branch":1, + "version":"1.8" + }, + { + "branch":2, + "version":"1.9" + }, + { + "branch":2, + "version":"1.10" + } + ], + "add_member":[ + { + "branch":1, + "version":"1.4" + }, + { + "branch":2, + "version":"1.6" + }, + { + "branch":2, + "version":"1.7" + }, + { + "branch":2, + "version":"1.8" + }, + { + "branch":2, + "version":"1.9" + }, + { + "branch":2, + "version":"1.10" + } + ], + "set_user_admin":[ + { + "branch":1, + "version":"1.4" + }, + { + "branch":2, + "version":"1.6" + }, + { + "branch":2, + "version":"1.7" + }, + { + "branch":2, + "version":"1.8" + }, + { + "branch":2, + "version":"1.9" + }, + { + "branch":2, + "version":"1.10" + } + ], + "add_endpoint":[ + { + "branch":1, + "version":"1.4" + }, + { + "branch":1, + "version":"1.6" + }, + { + "branch":1, + "version":"1.7" + }, + { + "branch":2, + "version":"1.8" + }, + { + "branch":2, + "version":"1.9" + }, + { + "branch":2, + "version":"1.10" + } + ], + "add_replication_rule":[ + { + "branch":1, + "version":"1.4" + }, + { + "branch":1, + "version":"1.6" + }, + { + "branch":1, + "version":"1.7" + }, + { + "branch":2, + "version":"1.8" + }, + { + "branch":2, + "version":"1.9" + }, + { + "branch":2, + "version":"1.10" + } + ], + "add_sys_whitelist":[ + { + "branch":1, + "version":"1.9" + }, + { + "branch":1, + "version":"1.10" + } + ], + "update_project_setting_whitelist":[ + { + "branch":1, + "version":"1.9" + }, + { + "branch":1, + "version":"1.10" + } + ], + "add_project_robot_account":[ + { + "branch":1, + "version":"1.8" + }, + { + "branch":1, + "version":"1.9" + }, + { + "branch":1, + "version":"1.10" + } + ], + "add_tag_retention_rule":[ + { + "branch":1, + "version":"1.9" + }, + { + "branch":1, + "version":"1.10" + } + ], + "add_tag_immutability_rule":[ + { + "branch":1, + "version":"1.10" + } + ], + "add_webhook":[ + { + "branch":1, + "version":"1.9" + }, + { + "branch":1, + "version":"1.10" + } + ] + } \ No newline at end of file diff --git a/tests/robot-cases/Group3-Upgrade/prepare.py b/tests/robot-cases/Group3-Upgrade/prepare.py index 98fed911d..1c63a1d91 100644 --- a/tests/robot-cases/Group3-Upgrade/prepare.py +++ b/tests/robot-cases/Group3-Upgrade/prepare.py @@ -1,8 +1,9 @@ import os +import sys import json import argparse import requests - +from functools import wraps from requests.packages.urllib3.exceptions import InsecureRequestWarning requests.packages.urllib3.disable_warnings(InsecureRequestWarning) @@ -15,9 +16,43 @@ url = "https://"+args.endpoint+"/api/" endpoint_url = "https://"+args.endpoint print url +with open("feature_map.json") as f: + feature_map = json.load(f) + +def get_branch(func_name, version): + has_feature = False + for node in feature_map[func_name]: + has_feature = True + if node["version"] == version: + return node["branch"] + if has_feature is False: + return "No Restriction" + else: + return "Not Supported" + +def get_feature_branch(func): + @wraps(func) + def inner_func(*args,**kwargs): + branch=get_branch(inner_func.__name__, kwargs.get("version")) + if branch == "No Restriction": + func(*args,**kwargs) + elif branch == "Not Supported": + print("Feature {} is not supported in version {}".format(inner_func.__name__, kwargs.get("version"))) + else: + kwargs["branch"] = branch + func(*args,**kwargs) + return + return inner_func + class HarborAPI: - def create_project(self, project_name): - body=dict(body={"project_name": ""+project_name+"", "metadata": {"public": "true"}}) + @get_feature_branch + def create_project(self, project, **kwargs): + if kwargs["branch"] == 1: + body=dict(body={"project_name": ""+project["name"]+"", "metadata": {"public": "true"}}) + elif kwargs["branch"] == 2: + body=dict(body={"project_name": ""+project["name"]+"", "metadata": {"public": "true"},"count_limit":project["count_limit"],"storage_limit":project["storage_limit"]}) + else: + raise Exception(r"Error: Feature {} has no branch {}.".format(sys._getframe().f_code.co_name, branch)) request(url+"projects", 'post', **body) def create_user(self, username): @@ -25,65 +60,135 @@ class HarborAPI: body=dict(body=payload) request(url+"users", 'post', **body) - def set_user_admin(self, user): + @get_feature_branch + def set_user_admin(self, user, **kwargs): r = request(url+"users?username="+user+"", 'get') userid = str(r.json()[0]['user_id']) - if args.version == "1.6": - body=dict(body={"sysadmin_flag": True}) + + if kwargs["branch"] == 1: + body=dict(body={"has_admin_role": 1}) + elif kwargs["branch"] == 2: + body=dict(body={"has_admin_role": True}) else: - body=dict(body={"sysadmin_flag": 1}) + raise Exception(r"Error: Feature {} has no branch {}.".format(sys._getframe().f_code.co_name, branch)) request(url+"users/"+userid+"/sysadmin", 'put', **body) - def add_member(self, project, user, role): + @get_feature_branch + def add_member(self, project, user, role, **kwargs): r = request(url+"projects?name="+project+"", 'get') projectid = str(r.json()[0]['project_id']) - if args.version == "1.6": + + if kwargs["branch"] == 1: + payload = {"roles": [role], "username":""+user+""} + elif kwargs["branch"] == 2: payload = {"member_user":{ "username": ""+user+""},"role_id": role} else: - payload = {"roles": [role], "username":""+user+""} - + raise Exception(r"Error: Feature {} has no branch {}.".format(sys._getframe().f_code.co_name, branch)) body=dict(body=payload) request(url+"projects/"+projectid+"/members", 'post', **body) - def add_endpoint(self, endpointurl, endpointname, username, password, insecure): - payload = { - "credential":{ - "access_key":""+username+"", - "access_secret":""+password+"", - "type":"basic" - }, - "insecure":insecure, - "name":""+endpointname+"", - "type":"harbor", - "url":""+endpoint_url+"" - } - body=dict(body=payload) - print body - request(url+"/registries", 'post', **body) + @get_feature_branch + def add_endpoint(self, endpointurl, endpointname, username, password, insecure, registry_type, **kwargs): + if kwargs["branch"] == 1: + payload = {"endpoint": ""+endpointurl+"", "name": ""+endpointname+"", "username": ""+username+"", "password": ""+password+"", "insecure": insecure} + body=dict(body=payload) + request(url+"targets", 'post', **body) + elif kwargs["branch"] == 2: + if registry_type == "harbor": + endpointurl = endpoint_url + payload = { + "credential":{ + "access_key":""+username+"", + "access_secret":""+password+"", + "type":"basic" + }, + "insecure":insecure, + "name":""+endpointname+"", + "type":""+registry_type+"", + "url":""+endpointurl+"" + } + body=dict(body=payload) + print body + request(url+"/registries", 'post', **body) + else: + raise Exception(r"Error: Feature {} has no branch {}.".format(sys._getframe().f_code.co_name, branch)) - def add_replication_rule(self, project, target, trigger, rulename): - r = request(url+"registries?name="+target+"", 'get') - targetid = r.json()[0]['id'] - payload = {"name": ""+rulename+"", "deletion": False, "enabled": True, "description": "string", "dest_registry": {"id": targetid},"trigger": {"type": "manual"}} - body=dict(body=payload) - request(url+"replication/policies", 'post', **body) + @get_feature_branch + def add_replication_rule(self, replicationrule, **kwargs): + if kwargs["branch"] == 1: + r = request(url+"projects?name="+replicationrule["project"]+"", 'get') + projectid = r.json()[0]['project_id'] + r = request(url+"targets?name="+replicationrule["endpoint"]+"", 'get') + targetid = r.json()[0]['id'] + payload = {"name": ""+replicationrule["rulename"]+"", "description": "string", "projects": [{"project_id": projectid,}], "targets": [{"id": targetid,}], "trigger": {"kind": ""+replicationrule["trigger"]+"", "schedule_param": {"type": "weekly", "weekday": 1, "offtime": 0}}} + body=dict(body=payload) + request(url+"policies/replication", 'post', **body) + elif kwargs["branch"] == 2: + r = request(url+"registries?name="+replicationrule["endpoint"]+"", 'get') + targetid = r.json()[0]['id'] + if replicationrule["is_src_registry"] is True: + registry = r'"src_registry": { "id": '+str(targetid)+r'},' + else: + registry = r'"dest_registry": { "id": '+str(targetid)+r'},' - def update_project_setting(self, project, public, contenttrust, preventrunning, preventseverity, scanonpush): + body=dict(body=json.loads(r'{"name":"'+replicationrule["rulename"].encode('utf-8')+r'","dest_namespace":"'+replicationrule["dest_namespace"].encode('utf-8')+r'","deletion": '+str(replicationrule["deletion"]).lower()+r',"enabled": '+str(replicationrule["enabled"]).lower()+r',"override": '+str(replicationrule["override"]).lower()+r',"description": "string",'+ registry + r'"trigger":{"type": "'+replicationrule["trigger_type"]+r'", "trigger_settings":{"cron":"'+replicationrule["cron"]+r'"}},"filters":[ {"type":"name","value":"'+replicationrule["name_filters"]+r'"},{"type":"tag","value":"'+replicationrule["tag_filters"]+r'"}]}')) + print body + request(url+"replication/policies", 'post', **body) + else: + raise Exception(r"Error: Feature {} has no branch {}.".format(sys._getframe().f_code.co_name, branch)) + + #@get_feature_branch + def update_project_setting_metadata(self, project, public, contenttrust, preventrunning, preventseverity, scanonpush): r = request(url+"projects?name="+project+"", 'get') projectid = str(r.json()[0]['project_id']) payload = { - "project_name": ""+project+"", "metadata": { "public": public, "enable_content_trust": contenttrust, - "prevent_vulnerable_images_from_running": preventrunning, - "prevent_vulnerable_images_from_running_severity": preventseverity, - "automatically_scan_images_on_push": scanonpush + "prevent_vul": preventrunning, + "severity": preventseverity, + "auto_scan": scanonpush } } body=dict(body=payload) + print body request(url+"projects/"+projectid+"", 'put', **body) + @get_feature_branch + def add_sys_whitelist(self, cve_id_list, **kwargs): + cve_id_str = "" + if kwargs["branch"] == 1: + for index, cve_id in enumerate(cve_id_list["cve"]): + cve_id_str = cve_id_str + '{"cve_id":"' +cve_id["id"] + '"}' + if index != len(cve_id_list["cve"]) - 1: + cve_id_str = cve_id_str + "," + body=dict(body=json.loads(r'{"items":['+cve_id_str.encode('utf-8')+r'],"expires_at":'+cve_id_list["expires_at"]+'}')) + request(url+"system/CVEWhitelist", 'put', **body) + else: + raise Exception(r"Error: Feature {} has no branch {}.".format(sys._getframe().f_code.co_name, branch)) + + @get_feature_branch + def update_project_setting_whitelist(self, project, reuse_sys_cve_whitelist, cve_id_list, **kwargs): + r = request(url+"projects?name="+project+"", 'get') + projectid = str(r.json()[0]['project_id']) + cve_id_str = "" + if kwargs["branch"] == 1: + for index, cve_id in enumerate(cve_id_list["cve"]): + cve_id_str = cve_id_str + '{"cve_id":"' +cve_id["id"] + '"}' + if index != len(cve_id_list["cve"]) - 1: + cve_id_str = cve_id_str + "," + print cve_id_str + if reuse_sys_cve_whitelist == "true": + payload = r'{"metadata":{"reuse_sys_cve_whitelist":"true"}}' + else: + payload = r'{"metadata":{"reuse_sys_cve_whitelist":"false"},"cve_whitelist":{"project_id":'+projectid+',"items":['+cve_id_str.encode('utf-8')+r'],"expires_at":'+cve_id_list["expires_at"]+'}}' + print payload + body=dict(body=json.loads(payload)) + request(url+"projects/"+projectid+"", 'put', **body) + else: + raise Exception(r"Error: Feature {} has no branch {}.".format(sys._getframe().f_code.co_name, branch)) + + def update_systemsetting(self, emailfrom, emailhost, emailport, emailuser, creation, selfreg, token): payload = { "auth_mode": "db_auth", @@ -108,6 +213,78 @@ class HarborAPI: body=dict(body=payload) request(url+"configurations", 'put', **body) + @get_feature_branch + def add_project_robot_account(self, project, robot_account, **kwargs): + r = request(url+"projects?name="+project+"", 'get') + projectid = str(r.json()[0]['project_id']) + + if kwargs["branch"] == 1: + if len(robot_account["access"]) == 1: + robot_account_ac = robot_account["access"][0] + payload = { + "name": robot_account["name"], + "access": [ + { + "resource": "/project/"+projectid+"/repository", + "action": robot_account_ac["action"] + } + ] + } + elif len(robot_account["access"]) == 2: + payload = { + "name": robot_account["name"], + "access": [ + { + "resource": "/project/"+projectid+"/repository", + "action": "pull" + }, + { + "resource": "/project/"+projectid+"/repository", + "action": "push" + } + ] + } + else: + raise Exception(r"Error: Robot account count {} is not legal!".format(len(robot_account["access"]))) + else: + raise Exception(r"Error: Feature {} has no branch {}.".format(sys._getframe().f_code.co_name, branch)) + print payload + body=dict(body=payload) + request(url+"projects/"+projectid+"/robots", 'post', **body) + + @get_feature_branch + def add_tag_retention_rule(self, project, robot_account, **kwargs): + return + + @get_feature_branch + def add_webhook(self, webhook, **kwargs): + if kwargs["branch"] == 1: + payload = { + "targets":[ + { + "type":"http", + "address":webhook["address"], + "skip_cert_verify":webhook["skip_cert_verify"], + "auth_header":webhook["auth_header"] + } + ], + "event_types":[ + "downloadChart", + "deleteChart", + "uploadChart", + "deleteImage", + "pullImage", + "pushImage", + "scanningFailed", + "scanningCompleted" + ], + "enabled":+webhook["enabled"] + } + body=dict(body=payload) + request(url+"system/CVEWhitelist", 'put', **body) + else: + raise Exception(r"Error: Feature {} has no branch {}.".format(sys._getframe().f_code.co_name, kwargs["branch"])) + def update_repoinfo(self, reponame): payload = {"description": "testdescription"} body=dict(body=payload) @@ -125,6 +302,7 @@ class HarborAPI: try: os.makedirs(ca_path) except Exception, e: + print str(e) pass open(target, 'wb').write(ca_content) @@ -155,7 +333,7 @@ def pull_image(*image): def push_image(image, project): os.system("docker tag "+image+" "+args.endpoint+"/"+project+"/"+image) - os.system("docker login "+args.endpoint+" -u Admin"+" -p Harbor12345") + os.system("docker login "+args.endpoint+" -u admin"+" -p Harbor12345") os.system("docker push "+args.endpoint+"/"+project+"/"+image) def push_signed_image(image, project, tag): @@ -169,30 +347,39 @@ def do_data_creation(): harborAPI.create_user(user["name"]) for user in data["admin"]: - harborAPI.set_user_admin(user["name"]) + harborAPI.set_user_admin(user["name"], version=args.version) for project in data["projects"]: - harborAPI.create_project(project["name"]) + harborAPI.create_project(project, version=args.version) for member in project["member"]: - harborAPI.add_member(project["name"], member["name"], member["role"]) + harborAPI.add_member(project["name"], member["name"], member["role"], version=args.version) + for robot_account in project["robot_account"]: + harborAPI.add_project_robot_account(project["name"], robot_account, version=args.version) + harborAPI.add_webhook(project["webhook"], version=args.version) pull_image("busybox", "redis", "haproxy", "alpine", "httpd:2") push_image("busybox", data["projects"][0]["name"]) push_signed_image("alpine", data["projects"][0]["name"], "latest") for endpoint in data["endpoint"]: - harborAPI.add_endpoint(endpoint["url"], endpoint["name"], endpoint["user"], endpoint["pass"], True) + harborAPI.add_endpoint(endpoint["url"], endpoint["name"], endpoint["user"], endpoint["pass"], endpoint["insecure"], endpoint["type"], version=args.version) + for replicationrule in data["replicationrule"]: - harborAPI.add_replication_rule(replicationrule["project"], - replicationrule["endpoint"], replicationrule["trigger"], - replicationrule["rulename"]) + harborAPI.add_replication_rule(replicationrule, version=args.version) + for project in data["projects"]: - harborAPI.update_project_setting(project["name"], + harborAPI.update_project_setting_metadata(project["name"], project["configuration"]["public"], project["configuration"]["enable_content_trust"], - project["configuration"]["prevent_vulnerable_images_from_running"], - project["configuration"]["prevent_vlunerable_images_from_running_severity"], - project["configuration"]["automatically_scan_images_on_push"]) + project["configuration"]["prevent_vul"], + project["configuration"]["severity"], + project["configuration"]["auto_scan"]) + + for project in data["projects"]: + harborAPI.update_project_setting_whitelist(project["name"], + project["configuration"]["reuse_sys_cve_whitelist"], + project["configuration"]["deployment_security"],version=args.version) + harborAPI.update_systemsetting(data["configuration"]["emailsetting"]["emailfrom"], data["configuration"]["emailsetting"]["emailserver"], float(data["configuration"]["emailsetting"]["emailport"]), @@ -200,4 +387,7 @@ def do_data_creation(): data["configuration"]["projectcreation"], data["configuration"]["selfreg"], float(data["configuration"]["token"])) + + harborAPI.add_sys_whitelist(data["configuration"]["deployment_security"],version=args.version) + do_data_creation() \ No newline at end of file diff --git a/tests/robot-cases/Group3-Upgrade/prepare_v17.py b/tests/robot-cases/Group3-Upgrade/prepare_v17.py deleted file mode 100644 index 429f9817a..000000000 --- a/tests/robot-cases/Group3-Upgrade/prepare_v17.py +++ /dev/null @@ -1,193 +0,0 @@ -import os -import json -import argparse -import requests - -from requests.packages.urllib3.exceptions import InsecureRequestWarning -requests.packages.urllib3.disable_warnings(InsecureRequestWarning) - -parser = argparse.ArgumentParser(description='The script to generate data for harbor v1.4.0') -parser.add_argument('--endpoint', '-e', dest='endpoint', required=True, help='The endpoint to harbor') -parser.add_argument('--version', '-v', dest='version', required=False, help='The version to harbor') -args = parser.parse_args() - -url = "https://"+args.endpoint+"/api/" -print url - -class HarborAPI: - def create_project(self, project_name): - body=dict(body={"project_name": ""+project_name+"", "metadata": {"public": "true"}}) - request(url+"projects", 'post', **body) - - def create_user(self, username): - payload = {"username":username, "email":username+"@vmware.com", "password":"Harbor12345", "realname":username, "comment":"string"} - body=dict(body=payload) - request(url+"users", 'post', **body) - - def set_user_admin(self, user): - r = request(url+"users?username="+user+"", 'get') - userid = str(r.json()[0]['user_id']) - if args.version == "1.6": - body=dict(body={"sysadmin_flag": True}) - else: - body=dict(body={"sysadmin_flag": 1}) - request(url+"users/"+userid+"/sysadmin", 'put', **body) - - def add_member(self, project, user, role): - r = request(url+"projects?name="+project+"", 'get') - projectid = str(r.json()[0]['project_id']) - if args.version == "1.6": - payload = {"member_user":{ "username": ""+user+""},"role_id": role} - else: - payload = {"roles": [role], "username":""+user+""} - - body=dict(body=payload) - request(url+"projects/"+projectid+"/members", 'post', **body) - - def add_endpoint(self, endpointurl, endpointname, username, password, insecure): - payload = {"endpoint": ""+endpointurl+"", "name": ""+endpointname+"", "username": ""+username+"", "password": ""+password+"", "insecure": insecure} - body=dict(body=payload) - request(url+"targets", 'post', **body) - - def add_replication_rule(self, project, target, trigger, rulename): - r = request(url+"projects?name="+project+"", 'get') - projectid = r.json()[0]['project_id'] - r = request(url+"targets?name="+target+"", 'get') - targetid = r.json()[0]['id'] - payload = {"name": ""+rulename+"", "description": "string", "projects": [{"project_id": projectid,}], "targets": [{"id": targetid,}], "trigger": {"kind": ""+trigger+"", "schedule_param": {"type": "weekly", "weekday": 1, "offtime": 0}}} - body=dict(body=payload) - request(url+"policies/replication", 'post', **body) - - def update_project_setting(self, project, public, contenttrust, preventrunning, preventseverity, scanonpush): - r = request(url+"projects?name="+project+"", 'get') - projectid = str(r.json()[0]['project_id']) - payload = { - "metadata": { - "public": public, - "enable_content_trust": contenttrust, - "prevent_vul": preventrunning, - "severity": preventseverity, - "auto_scan": scanonpush - } - } - - body=dict(body=payload) - request(url+"projects/"+projectid+"", 'put', **body) - - def update_systemsetting(self, emailfrom, emailhost, emailport, emailuser, creation, selfreg, token): - payload = { - "auth_mode": "db_auth", - "email_from": emailfrom, - "email_host": emailhost, - "email_port": emailport, - "email_identity": "string", - "email_username": emailuser, - "email_ssl": True, - "email_insecure": True, - "project_creation_restriction": creation, - "read_only": False, - "self_registration": selfreg, - "token_expiration": token, - "scan_all_policy": { - "type": "none", - "parameter": { - "daily_time": 0 - } - } - } - body=dict(body=payload) - request(url+"configurations", 'put', **body) - - def update_repoinfo(self, reponame): - payload = {"description": "testdescription"} - body=dict(body=payload) - request(url+"repositories/"+reponame+"", 'put', **body) - - def get_ca(self, target='/harbor/ca/ca.crt'): - url = "https://" + args.endpoint + "/api/systeminfo/getcert" - resp = request(url, 'get') - try: - ca_content = json.loads(resp.text) - except ValueError: - ca_content = resp.text - ca_path = '/harbor/ca' - if not os.path.exists(ca_path): - try: - os.makedirs(ca_path) - except Exception, e: - pass - open(target, 'wb').write(ca_content) - - -def request(url, method, user = None, userp = None, **kwargs): - if user is None: - user = "admin" - if userp is None: - userp = "Harbor12345" - kwargs.setdefault('headers', kwargs.get('headers', {})) - kwargs['headers']['Accept'] = 'application/json' - if 'body' in kwargs: - kwargs['headers']['Content-Type'] = 'application/json' - kwargs['data'] = json.dumps(kwargs['body']) - del kwargs['body'] - - resp = requests.request(method, url, verify=False, auth=(user, userp), **kwargs) - if resp.status_code >= 400: - raise Exception("[Exception Message] - {}".format(resp.text)) - return resp - -with open("data.json") as f: - data = json.load(f) - -def pull_image(*image): - for i in image: - os.system("docker pull "+i) - -def push_image(image, project): - os.system("docker tag "+image+" "+args.endpoint+"/"+project+"/"+image) - os.system("docker login "+args.endpoint+" -u Admin"+" -p Harbor12345") - os.system("docker push "+args.endpoint+"/"+project+"/"+image) - -def push_signed_image(image, project, tag): - os.system("./sign_image.sh" + " " + args.endpoint + " " + project + " " + image + " " + tag) - -def do_data_creation(): - harborAPI = HarborAPI() - harborAPI.get_ca() - - for user in data["users"]: - harborAPI.create_user(user["name"]) - - for user in data["admin"]: - harborAPI.set_user_admin(user["name"]) - - for project in data["projects"]: - harborAPI.create_project(project["name"]) - for member in project["member"]: - harborAPI.add_member(project["name"], member["name"], member["role"]) - - pull_image("busybox", "redis", "haproxy", "alpine", "httpd:2") - push_image("busybox", data["projects"][0]["name"]) - push_signed_image("alpine", data["projects"][0]["name"], "latest") - - for endpoint in data["endpoint"]: - harborAPI.add_endpoint(endpoint["url"], endpoint["name"], endpoint["user"], endpoint["pass"], False) - for replicationrule in data["replicationrule"]: - harborAPI.add_replication_rule(replicationrule["project"], - replicationrule["endpoint"], replicationrule["trigger"], - replicationrule["rulename"]) - for project in data["projects"]: - harborAPI.update_project_setting(project["name"], - project["configuration"]["public"], - project["configuration"]["enable_content_trust"], - project["configuration"]["prevent_vulnerable_images_from_running"], - project["configuration"]["prevent_vlunerable_images_from_running_severity"], - project["configuration"]["automatically_scan_images_on_push"]) - harborAPI.update_systemsetting(data["configuration"]["emailsetting"]["emailfrom"], - data["configuration"]["emailsetting"]["emailserver"], - float(data["configuration"]["emailsetting"]["emailport"]), - data["configuration"]["emailsetting"]["emailuser"], - data["configuration"]["projectcreation"], - data["configuration"]["selfreg"], - float(data["configuration"]["token"])) -do_data_creation() \ No newline at end of file diff --git a/tests/robot-cases/Group3-Upgrade/verify.robot b/tests/robot-cases/Group3-Upgrade/verify.robot index 1a4d21556..669755940 100644 --- a/tests/robot-cases/Group3-Upgrade/verify.robot +++ b/tests/robot-cases/Group3-Upgrade/verify.robot @@ -9,13 +9,41 @@ ${HARBOR_ADMIN} admin *** Test Cases *** Test Case - Upgrade Verify + [Tags] 1.8-latest + ${data}= Load Json From File ${CURDIR}${/}data.json + Log To Console "Verify User..." + Run Keyword Verify User ${data} + Log To Console "Verify Project..." + Run Keyword Verify Project ${data} + Log To Console "Verify Member Exist..." + Run Keyword Verify Member Exist ${data} + #Run Keyword Verify Robot Account Exist ${data} + Log To Console "Verify User System Admin Role..." + Run Keyword Verify User System Admin Role ${data} + Log To Console "Verify Endpoint..." + Run Keyword Verify Endpoint ${data} + Log To Console "Verify Replicationrule..." + Run Keyword Verify Replicationrule ${data} + Log To Console "Verify Project Setting..." + Run Keyword Verify Project Setting ${data} + Log To Console "Verify System Setting..." + Run Keyword Verify System Setting ${data} + Log To Console "Verify Image Tag..." + Run Keyword Verify Image Tag ${data} + +Test Case - Upgrade Verify + [Tags] 1.9-latest ${data}= Load Json From File ${CURDIR}${/}data.json Run Keyword Verify User ${data} Run Keyword Verify Project ${data} Run Keyword Verify Member Exist ${data} + #Run Keyword Verify Robot Account Exist ${data} + Run Keyword Verify Project-level Whitelist ${data} + #Run Keyword Verify Webhook ${data} Run Keyword Verify User System Admin Role ${data} Run Keyword Verify Endpoint ${data} Run Keyword Verify Replicationrule ${data} Run Keyword Verify Project Setting ${data} Run Keyword Verify System Setting ${data} + #Run Keyword Verify System Setting Whitelist ${data} Run Keyword Verify Image Tag ${data} \ No newline at end of file