mirror of
https://github.com/goharbor/harbor.git
synced 2024-11-28 21:25:55 +01:00
Add Referrers API testcase (#18775)
Fix #18617 Signed-off-by: Yang Jiao <jiaoya@vmware.com>
This commit is contained in:
parent
a98711c0fc
commit
97c1fdcd8e
@ -1,10 +1,21 @@
|
||||
# -*- coding: utf-8 -*-
|
||||
import base
|
||||
import os
|
||||
|
||||
def generate_key_pair():
|
||||
config_key_file = "cosign.key"
|
||||
config_pub_file = "cosign.pub"
|
||||
if os.path.exists(config_key_file) and os.path.exists(config_pub_file):
|
||||
os.remove(config_key_file)
|
||||
os.remove(config_pub_file)
|
||||
command = ["cosign", "generate-key-pair"]
|
||||
base.run_command(command)
|
||||
|
||||
def sign_artifact(artifact):
|
||||
command = ["cosign", "sign", "-y", "--allow-insecure-registry", "--key", "cosign.key", artifact]
|
||||
base.run_command(command)
|
||||
|
||||
def push_artifact_sbom(artifact, sbom_path, type="spdx"):
|
||||
command = ["cosign", "attach", "sbom", "--allow-insecure-registry", "--registry-referrers-mode", "oci-1-1",
|
||||
"--type", type, "--sbom", sbom_path, artifact]
|
||||
base.run_command(command)
|
||||
|
12
tests/apitests/python/library/referrers_api.py
Normal file
12
tests/apitests/python/library/referrers_api.py
Normal file
@ -0,0 +1,12 @@
|
||||
# -*- coding: utf-8 -*-
|
||||
import requests
|
||||
|
||||
def call(server, project_name, repo_name, digest, artifactType=None, **kwargs):
|
||||
url=None
|
||||
auth = (kwargs.get("username"), kwargs.get("password"))
|
||||
if artifactType:
|
||||
artifactType = artifactType.replace("+", "%2B")
|
||||
url="https://{}/v2/{}/{}/referrers/{}?artifactType={}".format(server, project_name, repo_name, digest, artifactType)
|
||||
else:
|
||||
url="https://{}/v2/{}/{}/referrers/{}".format(server, project_name, repo_name, digest)
|
||||
return requests.get(url, auth=auth, verify=False)
|
117
tests/apitests/python/test_referrers_api.py
Normal file
117
tests/apitests/python/test_referrers_api.py
Normal file
@ -0,0 +1,117 @@
|
||||
# -*- coding: utf-8 -*-
|
||||
|
||||
from __future__ import absolute_import
|
||||
import unittest
|
||||
|
||||
from testutils import harbor_server, files_directory, ADMIN_CLIENT, suppress_urllib3_warning
|
||||
from library import cosign, referrers_api
|
||||
from library.project import Project
|
||||
from library.user import User
|
||||
from library.artifact import Artifact
|
||||
from library.repository import push_self_build_image_to_project
|
||||
from library import docker_api
|
||||
|
||||
class TestReferrersApi(unittest.TestCase):
|
||||
|
||||
@suppress_urllib3_warning
|
||||
def setUp(self):
|
||||
self.project= Project()
|
||||
self.user= User()
|
||||
self.artifact = Artifact()
|
||||
self.image = "artifact_test"
|
||||
self.tag = "dev"
|
||||
self.sbom_path = files_directory + "sbom_test.json"
|
||||
self.sbom_artifact_type = "application/vnd.dev.cosign.artifact.sbom.v1+json"
|
||||
self.signature_artifact_type = "application/vnd.oci.image.config.v1+json"
|
||||
|
||||
def testReferrersApi(self):
|
||||
"""
|
||||
Test case:
|
||||
Referrers Api
|
||||
Test step and expected result:
|
||||
1. Create a new user(UA);
|
||||
2. Create a new project(PA) by user(UA);
|
||||
3. Push a new image(IA) in project(PA) by user(UA);
|
||||
4. Push image(IA) SBOM to project(PA) by user(UA);
|
||||
5. Sign image(IA) with cosign;
|
||||
6. Sign image(IA) SBOM with cosign;
|
||||
7. Call the referrers api successfully;
|
||||
8. Call the referrers api and filter artifact_type;
|
||||
Tear down:
|
||||
1. Delete project(PA);
|
||||
2. Delete user(UA).
|
||||
"""
|
||||
url = ADMIN_CLIENT["endpoint"]
|
||||
user_password = "Aa123456"
|
||||
|
||||
# 1. Create user(UA)
|
||||
_, user_name = self.user.create_user(user_password = user_password, **ADMIN_CLIENT)
|
||||
user_client = dict(endpoint = url, username = user_name, password = user_password, with_accessory = True)
|
||||
|
||||
# 2. Create private project(PA) by user(UA)
|
||||
_, project_name = self.project.create_project(metadata = {"public": "false"}, **user_client)
|
||||
|
||||
# 3. Push a new image(IA) in project(PA) by user(UA)
|
||||
push_self_build_image_to_project(project_name, harbor_server, user_name, user_password, self.image, self.tag)
|
||||
|
||||
# 4. Push image(IA) SBOM to project(PA) by user(UA)
|
||||
docker_api.docker_login_cmd(harbor_server, user_name, user_password, enable_manifest = False)
|
||||
cosign.push_artifact_sbom("{}/{}/{}:{}".format(harbor_server, project_name, self.image, self.tag), self.sbom_path)
|
||||
artifact_info = self.artifact.get_reference_info(project_name, self.image, self.tag, **user_client)
|
||||
artifact_digest = artifact_info.digest
|
||||
sbom_digest = artifact_info.accessories[0].digest
|
||||
|
||||
# 5. Sign image(IA) with cosign
|
||||
cosign.generate_key_pair()
|
||||
cosign.sign_artifact("{}/{}/{}:{}".format(harbor_server, project_name, self.image, self.tag))
|
||||
artifact_info = self.artifact.get_reference_info(project_name, self.image, self.tag, **user_client)
|
||||
self.assertEqual(len(artifact_info.accessories), 2)
|
||||
signature_digest = None
|
||||
for accessory in artifact_info.accessories:
|
||||
if accessory.digest != sbom_digest:
|
||||
signature_digest = accessory.digest
|
||||
break
|
||||
|
||||
# 6. Sign image(IA) SBOM cosign
|
||||
cosign.sign_artifact("{}/{}/{}@{}".format(harbor_server, project_name, self.image, sbom_digest))
|
||||
|
||||
# 7. Call the referrers api successfully
|
||||
res_json = referrers_api.call(harbor_server, project_name, self.image, artifact_digest, **user_client).json()
|
||||
self.assertEqual(len(res_json["manifests"]), 2)
|
||||
for manifest in res_json["manifests"]:
|
||||
self.assertIn(manifest["digest"], [signature_digest, sbom_digest])
|
||||
self.assertIn(manifest["artifactType"], [self.signature_artifact_type, self.sbom_artifact_type])
|
||||
self.assertIsNotNone(manifest["mediaType"])
|
||||
self.assertIsNotNone(manifest["size"])
|
||||
|
||||
res_json = referrers_api.call(harbor_server, project_name, self.image, sbom_digest, **user_client).json()
|
||||
self.assertEqual(len(res_json["manifests"]), 1)
|
||||
manifest = res_json["manifests"][0]
|
||||
self.assertIsNotNone(manifest["digest"])
|
||||
self.assertIsNotNone(manifest["artifactType"], [self.signature_artifact_type, self.sbom_artifact_type])
|
||||
self.assertIsNotNone(manifest["mediaType"])
|
||||
self.assertIsNotNone(manifest["size"])
|
||||
|
||||
# 8. Call the referrers api and filter artifact_type
|
||||
res = referrers_api.call(harbor_server, project_name, self.image, artifact_digest, self.sbom_artifact_type, **user_client)
|
||||
self.assertEqual(res.headers["Oci-Filters-Applied"], "artifactType")
|
||||
res_json = res.json()
|
||||
self.assertEqual(len(res_json["manifests"]), 1)
|
||||
manifest = res_json["manifests"][0]
|
||||
self.assertEqual(manifest["digest"], sbom_digest)
|
||||
self.assertIn(manifest["artifactType"], self.sbom_artifact_type)
|
||||
self.assertIsNotNone(manifest["mediaType"])
|
||||
self.assertIsNotNone(manifest["size"])
|
||||
|
||||
res = referrers_api.call(harbor_server, project_name, self.image, artifact_digest, self.signature_artifact_type, **user_client)
|
||||
self.assertEqual(res.headers["Oci-Filters-Applied"], "artifactType")
|
||||
res_json = res.json()
|
||||
self.assertEqual(len(res_json["manifests"]), 1)
|
||||
manifest = res_json["manifests"][0]
|
||||
self.assertEqual(manifest["digest"], signature_digest)
|
||||
self.assertIn(manifest["artifactType"], self.signature_artifact_type)
|
||||
self.assertIsNotNone(manifest["mediaType"])
|
||||
self.assertIsNotNone(manifest["size"])
|
||||
|
||||
if __name__ == '__main__':
|
||||
unittest.main()
|
46
tests/files/sbom_test.json
Normal file
46
tests/files/sbom_test.json
Normal file
@ -0,0 +1,46 @@
|
||||
{
|
||||
"SPDXID": "SPDXRef-DOCUMENT",
|
||||
"creationInfo": {
|
||||
"created": "2023-05-31T07:43:35.672590648Z",
|
||||
"creators": [
|
||||
"Tool: trivy",
|
||||
"Organization: aquasecurity"
|
||||
]
|
||||
},
|
||||
"dataLicense": "CC0-1.0",
|
||||
"documentDescribes": [
|
||||
"SPDXRef-ContainerImage-8e8b2798af13ee89"
|
||||
],
|
||||
"documentNamespace": "http://aquasecurity.github.io/trivy/container_image/artifact_test:dev-9648faf4-428e-46ad-a9e6-1d3f84c6f297",
|
||||
"name": "artifact_test:dev",
|
||||
"packages": [
|
||||
{
|
||||
"SPDXID": "SPDXRef-ContainerImage-8e8b2798af13ee89",
|
||||
"attributionTexts": [
|
||||
"SchemaVersion: 2",
|
||||
"ImageID: sha256:9517d37fc3457e070719ed8dead2a9134dd9d5126dd6ef55d15685337c3dc711",
|
||||
"RepoDigest: 10.202.250.222/test02/test@sha256:0feefb1b81993c1299a7f75a2c86d7cfed4b25859037657377d563d955e8e20f",
|
||||
"DiffID: sha256:6b245f040973e14e29f371ff2b4059c84ab2de8b7b9a04bc21fd4a7b0a72c446",
|
||||
"DiffID: sha256:6491a698ac806b35795f23098e169f50b2b6f179900b5625e5677cb1df2651ca",
|
||||
"RepoTag: artifact_test:dev"
|
||||
],
|
||||
"externalRefs": [
|
||||
{
|
||||
"referenceCategory": "PACKAGE-MANAGER",
|
||||
"referenceLocator": "pkg:oci/test@sha256:0feefb1b81993c1299a7f75a2c86d7cfed4b25859037657377d563d955e8e20f?repository_url=10.202.250.222%2Ftest02%2Ftest\u0026arch=amd64",
|
||||
"referenceType": "purl"
|
||||
}
|
||||
],
|
||||
"filesAnalyzed": false,
|
||||
"name": "artifact_test:dev"
|
||||
}
|
||||
],
|
||||
"relationships": [
|
||||
{
|
||||
"relatedSpdxElement": "SPDXRef-ContainerImage-8e8b2798af13ee89",
|
||||
"relationshipType": "DESCRIBE",
|
||||
"spdxElementId": "SPDXRef-DOCUMENT"
|
||||
}
|
||||
],
|
||||
"spdxVersion": "SPDX-2.2"
|
||||
}
|
@ -182,3 +182,7 @@ Test Case - Job Service Dashboard
|
||||
Test Case - Retain Image Last Pull Time
|
||||
[Tags] retain_image_last_pull_time
|
||||
Harbor API Test ./tests/apitests/python/test_retain_image_last_pull_time.py
|
||||
|
||||
Test Case - Referrers API
|
||||
[Tags] referrers
|
||||
Harbor API Test ./tests/apitests/python/test_referrers_api.py
|
||||
|
Loading…
Reference in New Issue
Block a user