Add testcase for assign role to LDAP group.

Including 1. LDAP group configure settings 2. Assign role to LDAP user group. 3. Manage user group
2024-11-22 02:05:41 +01:00 · 2018-05-22 10:37:38 +08:00 · 2018-05-22 10:37:38 +08:00 · ab20642f0d
commit ab20642f0d
parent 2844d137d3
5 changed files with 233 additions and 0 deletions
--- a/tests/testcases/Group12-group-management/12-01-LDAP-usergroup-add.md
+++ b/tests/testcases/Group12-group-management/12-01-LDAP-usergroup-add.md
@ -0,0 +1,54 @@
+Test 12-01 LDAP Usergroup Add
+=======
+
+# Purpose
+
+To verify admin user can add an LDAP group
+
+# References:
+
+User guide
+
+# Environments:
+
+* This test requires that a Harbor instance is running and available.
+* An LDAP server is running and available, and enabled memberof overlay feature
+* LDAP group config parameter are configured.
+    1. ldap_group_basedn
+    1. ldap_group_filter
+    1. ldap_gid 
+    1. ldap_group_scope   
+
+# Test Steps:
+
+1. Login UI as admin user.
+1. In `Administration->User Group` page, Add an LDAP with a valid group DN with group name.
+   ### Expected Result
+      * The user group should be created with specified name.
+1. In `Administration->User Group` page, Add an LDAP with a non-exist group DN 
+   ### Expected Result
+      * The user group can not be created
+1. In `Administration->User Group` page, Add an LDAP with a group DN which already exist, but with different name.
+   ### Expected Result
+      * The user group is renamed to new user group name.
+1. In `Administration->User Group` page, Add an LDAP with a valid group DN without group name.
+   ### Expected Result
+      * The user group is created and named with the same name in LDAP.
+1. Change the configure parameter ldap_group_basedn to another DN, so that the LDAP user group is outside the base DN. 
+1. In `Administration->User Group` page, Add an LDAP with a valid group DN but outside the base DN.
+   ### Expected Result
+      * The user group can not be created
+1. Change ldap_group_scope from 2 to 0, so that the LDAP group can not be found with the current scope.
+1. In `Administration->User Group` page, Add an LDAP with a valid group DN but can not be searched.
+   ### Expected Result
+      * The user group can not be created
+1. Change ldap_group_filter to with a specified filter, so that it can filter out the current group DN.
+1. In `Administration->User Group` page, Add an LDAP with a valid group DN but this group DN is filtered
+   ### Expected Result
+      * the user group can not be created.
+1. Change ldap_gid with another attribute other than cn
+1. In `Administration->User Group` page, Add an LDAP with a valid group DN, check the user group name.
+   ### Expected Result
+      * The user group is created, the group name is named by specified attributed.
+
+
--- a/tests/testcases/Group12-group-management/12-02-LDAP-usergroup-update.md
+++ b/tests/testcases/Group12-group-management/12-02-LDAP-usergroup-update.md
@ -0,0 +1,35 @@
+Test 12-02 LDAP Usergroup Update
+=======
+
+# Purpose
+
+To verify admin user can update an LDAP group
+
+# References:
+
+User guide
+
+# Environments:
+
+* This test requires that a Harbor instance is running and available.
+* An LDAP server is running and available, and enabled memberof overlay feature
+* LDAP group config parameter are configured.
+    1. ldap_group_basedn
+    1. ldap_group_filter
+    1. ldap_gid 
+    1. ldap_group_scope   
+
+# Test Steps:
+
+1. Login UI as admin user.
+2. In `Administration->User Group` page, Add an LDAP with a valid group DN with group name.
+3. In `Administration->User Group` page, Update the user group with a different name.
+
+
+# Expected Outcome:
+
+
+* In step3 the user group name is updated
+
+# Possible Problem:
+None
--- a/tests/testcases/Group12-group-management/12-03-LDAP-usergroup-delete.md
+++ b/tests/testcases/Group12-group-management/12-03-LDAP-usergroup-delete.md
@ -0,0 +1,35 @@
+Test 12-03 LDAP Usergroup Delete
+=======
+
+# Purpose
+
+To verify admin user can delete an LDAP group
+
+# References:
+
+User guide
+
+# Environments:
+
+* This test requires that a Harbor instance is running and available.
+* An LDAP server is running and available, and enabled memberof overlay feature
+* LDAP group config parameter are configured.
+    1. ldap_group_basedn
+    1. ldap_group_filter
+    1. ldap_gid 
+    1. ldap_group_scope
+
+# Test Steps:
+
+1. Login UI as admin user.
+2. In `Administration->User Group` page, Add an LDAP with a valid group DN with group name.
+3. In Project Member of library, assign this user group with a developer role to this user group.
+4. In `Administration->User Group` page, Delete the user group with a different name.
+5. Check Project Member of library, make sure there is no role for this user group.
+
+# Expected Outcome:
+
+* In step4 the user group is deleted, and all its project member information is removed too.
+
+# Possible Problem:
+None
--- a/tests/testcases/Group3-RBAC/3-07-LDAP-usergroup-manage-project-groupmembers.md
+++ b/tests/testcases/Group3-RBAC/3-07-LDAP-usergroup-manage-project-groupmembers.md
@ -0,0 +1,60 @@
+Test 3-07 - LDAP usergroup manage project group members
+=======
+# Purpose:
+
+To verify LDAP group can be assigned a role in project member
+
+# References:
+User guide
+
+# Environment:
+
+* This test requires that a Harbor instance is running and available.
+* An LDAP server is running and available, and enabled memberof overlay feature
+* Harbor is set to authenticate against an LDAP or AD server. ( auth_mode is set to **ldap_auth** .) The user data is stored in an LDAP or AD server.
+* LDAP group config parameter are configured.
+    1. ldap_group_basedn
+    1. ldap_group_filter
+    1. ldap_gid 
+    1. ldap_group_scope   
+* A linux host with Docker CLI installed (Docker client).
+
+# Test Steps:
+
+1. Create group  harbor_guest, harbor_dev, harbor_admin in LDAP.
+1. Create LDAP user guest_user, dev_user, admin_user in LDAP.
+    Assign add group following members
+      * harbbor_guest --- guest_user, admin_user.
+      * harbor_dev    --- dev_user.
+      * harbor_admin  --- admin_user.
+
+1. Login as admin user, create private project proj_group_test
+1. Add following group with the roles to proj_group_test
+    * harbor_guest  --- guest, add this member with LDAP Group DN directly: cn=harbor_guest,ou=groups,dc=example,dc=com.
+    * harbor_dev    --- developer, create user group with LDAP group DN directly: cn=harbor_developer,ou=groups,dc=example,dc=com
+    * Add a user group: group DN: cn=harbor_admin,ou=groups,dc=example,dc=com, with name harbor_admin, 
+    * Add project member, select existing user group harbor_admin, assign role administrator.
+1. Login user guest_user, dev_user, admin_user in web console. all of them can see the proj_group_test.
+
+   ### Expected Results:
+
+   * All LDAP users guest_user, dev_user, admin_user can login and see the proj_group_test in web console.
+   * guest_user has guest role in proj_group_test
+   * dev_user has developer role in proj_group_test
+   * admin_user has administrator role in proj_group_test
+
+1. Login user guest_user, dev_user, admin_user in command line. try to push pull images.
+
+   ### Expected Results:
+
+   * All LDAP users can login to harbor in command line. 
+   *  guest_user -- can pull images
+   *  dev_user   -- can pull/push images
+   *  admin_user -- can pull/push images
+
+1. Remove admin_user from LDAP group harbor_admin, login again with admin_user. check the role in project proj_group_test
+   ### Expected Results:
+   *  After remove harbor_admin membership, the admin_user should have guest role in project proj_group_test.
+1. Remove admin_user from LDAP group harbor_guest, login again with admin_user, check the role in project 
+   ### Expected Results:
+   *  After remove harbor_guest membership, the admin_user can not see the project proj_group_test.
--- a/tests/testcases/Group4-logging/4-06-LDAP-usergroup-view-logs.md
+++ b/tests/testcases/Group4-logging/4-06-LDAP-usergroup-view-logs.md
@ -0,0 +1,49 @@
+Test 4-06 - User Views Logs (LDAP Mode)
+=======
+
+# Purpose:
+
+To verify that a LDAP user group can views logs when users are managed externally by LDAP or AD (LDAP mode).
+
+# References:
+User guide
+
+# Environment:
+
+* This test requires that a Harbor instance is running and available.
+* An LDAP server is running and available, and enabled memberof overlay feature.
+* Harbor is set to authenticate against an LDAP or AD server. ( auth_mode is set to **ldap_auth** .) The user data is stored in an LDAP or AD server.
+* A linux host with Docker CLI installed (Docker client).
+* LDAP group config parameter are configured.
+    1. ldap_group_basedn
+    1. ldap_group_filter
+    1. ldap_gid 
+    1. ldap_group_scope   
+
+# Test Steps:
+
+1. Add group harbor_admin and create a user admin_user, admin_user is a member of harbor_admin
+2. Login to UI with admin user, create a private project ldap_group_proj
+3. Add a project member with ldap the LDAP DN of harbor_admin, with administrator role
+4. Log in to the UI as the admin_user in docker client.
+5. push/pull images to ldap_group_proj.
+6. View the logs of the project. 
+7. Try below search criteria to see if the search result is correct:
+
+* push only
+* pull only
+* pull and push
+* delete only
+* all
+* push and delete
+* different date ranges 
+* date range and push
+
+# Expected Outcome:
+
+* All operations in Step 5 should be logged.
+* Logs can be viewed in Step 6, check if the time and operations are correct.
+* Logs can be filtered in Step 6.
+
+# Possible Problems:
+None