From ad77098acf4aca62b7e42f76700f2b3dda529753 Mon Sep 17 00:00:00 2001
From: danfengliu <danfengl@vmware.com>
Date: Wed, 21 Nov 2018 12:19:28 +0800
Subject: [PATCH] add test case project level policy content trust. (#6309)

Add test case project level policy content trust.
Signed-off-by: danfengliu <danfengl@vmware.com>
---
 tests/apitests/python/library/docker_api.py   | 18 ++--
 tests/apitests/python/library/repository.py   | 27 +++++-
 ...test_project_level_policy_content_trust.py | 90 +++++++++++++++++++
 tests/robot-cases/Group0-BAT/API_DB.robot     |  4 +-
 4 files changed, 130 insertions(+), 9 deletions(-)
 create mode 100644 tests/apitests/python/test_project_level_policy_content_trust.py

diff --git a/tests/apitests/python/library/docker_api.py b/tests/apitests/python/library/docker_api.py
index 4d46a85f7..26691334a 100644
--- a/tests/apitests/python/library/docker_api.py
+++ b/tests/apitests/python/library/docker_api.py
@@ -19,16 +19,20 @@ class DockerAPI(object):
         except docker.errors.APIError, e:
             raise Exception(r" Docker login failed, error is [{}]".format (e.message))
 
-    def docker_image_pull(self, image, tag = None):
-        _tag = "latest"
+    def docker_image_pull(self, image, tag = None, expected_error_message = None):
         if tag is not None:
             _tag = tag
+        else:
+            _tag = "latest"
         try:
-            tag = base._random_name("tag")
-            pull_ret = base._get_string_from_unicode(self.DCLIENT.pull('{}:{}'.format(image, _tag)))
-            print "pull_ret:", pull_ret
-        except docker.errors.APIError, e:
-            raise Exception(r" Docker pull image {} failed, error is [{}]".format (image, e.message))
+            base._get_string_from_unicode(self.DCLIENT.pull(r'{}:{}'.format(image, _tag)))
+        except Exception, err:
+            if expected_error_message is not None:
+                print "docker image pull error:", str(err)
+                if str(err).lower().find(expected_error_message.lower()) < 0:
+                    raise Exception(r"Pull image: Return message {} is not as expected {}".format(return_message, expected_error_message))
+            else:
+                raise Exception(r" Docker pull image {} failed, error is [{}]".format (image, e.message))
 
     def docker_image_tag(self, image, harbor_registry, tag = None):
         _tag = base._random_name("tag")
diff --git a/tests/apitests/python/library/repository.py b/tests/apitests/python/library/repository.py
index a2a2e60cb..b936d15a1 100644
--- a/tests/apitests/python/library/repository.py
+++ b/tests/apitests/python/library/repository.py
@@ -5,12 +5,24 @@ import base
 import swagger_client
 from docker_api import DockerAPI
 
+def pull_harbor_image(registry, username, password, image, tag, expected_error_message = None):
+    _docker_api = DockerAPI()
+    _docker_api.docker_login(registry, username, password)
+    time.sleep(2)
+    _docker_api.docker_image_pull(r'{}/{}'.format(registry, image), tag = tag, expected_error_message = expected_error_message)
+
+def pull_harbor_image_successfully(registry, username, password, image, tag):
+    pull_harbor_image(registry, username, password, image, tag)
+
+def pull_harbor_image_unsuccessfully(registry, username, password, image, tag, expected_error_message):
+    pull_harbor_image(registry, username, password, image, tag, expected_error_message = expected_error_message)
+
 def push_image_to_project(project_name, registry, username, password, image, tag):
     _docker_api = DockerAPI()
     _docker_api.docker_login(registry, username, password)
     time.sleep(2)
 
-    _docker_api.docker_image_pull(image, tag)
+    _docker_api.docker_image_pull(image, tag = tag)
     time.sleep(2)
 
     new_harbor_registry, new_tag = _docker_api.docker_image_tag(image, r'{}/{}/{}'.format(registry, project_name, image))
@@ -20,6 +32,13 @@ def push_image_to_project(project_name, registry, username, password, image, tag
 
     return r'{}/{}'.format(project_name, image), new_tag
 
+def is_repo_exist_in_project(repositories, repo_name):
+    result = False
+    for reop in repositories:
+        if reop.name == repo_name:
+            return True
+    return result
+
 class Repository(base.Base):
 
     def list_tags(self, repository, **kwargs):
@@ -108,3 +127,9 @@ class Repository(base.Base):
         self.scan_image(repo_name, tag, **kwargs)
         self.check_image_scan_result(repo_name, tag, **kwargs)
 
+    def repository_should_exist(self, project_id, repo_name, **kwargs):
+        repositories = self.get_repository(project_id, **kwargs)
+        if is_repo_exist_in_project(repositories, repo_name) == False:
+            raise Exception("Repository {} is not exist.".format(repo_name))
+
+
diff --git a/tests/apitests/python/test_project_level_policy_content_trust.py b/tests/apitests/python/test_project_level_policy_content_trust.py
new file mode 100644
index 000000000..05b32aa6a
--- /dev/null
+++ b/tests/apitests/python/test_project_level_policy_content_trust.py
@@ -0,0 +1,90 @@
+from __future__ import absolute_import
+
+import unittest
+
+from testutils import ADMIN_CLIENT
+from testutils import harbor_server
+
+from testutils import TEARDOWN
+from library.project import Project
+from library.user import User
+from library.repository import Repository
+from library.repository import push_image_to_project
+from library.repository import pull_harbor_image_successfully
+from library.repository import pull_harbor_image_unsuccessfully
+
+class TestProjects(unittest.TestCase):
+    @classmethod
+    def setUp(self):
+        project = Project()
+        self.project= project
+
+        user = User()
+        self.user= user
+
+        repo = Repository()
+        self.repo= repo
+
+    @classmethod
+    def tearDown(self):
+        print "Case completed"
+
+    @unittest.skipIf(TEARDOWN == False, "Test data should be remain in the harbor.")
+    def test_ClearData(self):
+        #1. Delete repository(RA) by user(UA);
+        self.repo.delete_repoitory(TestProjects.repo_name, **TestProjects.USER_CONTENT_TRUST_CLIENT)
+
+        #2. Delete project(PA);
+        self.project.delete_project(TestProjects.project_content_trust_id, **TestProjects.USER_CONTENT_TRUST_CLIENT)
+
+        #3. Delete user(UA);
+        self.user.delete_user(TestProjects.user_content_trust_id, **ADMIN_CLIENT)
+
+    def testProjectLevelPolicyContentTrust(self):
+        """
+        Test case:
+            Project Level Policy Content Trust
+        Test step & Expectation:
+            1. Create a new user(UA);
+            2. Create a new project(PA) by user(UA);
+            3. Push a new image(IA) in project(PA) by admin;
+            4. Image(IA) should exist;
+            5. Pull image(IA) successfully;
+            6. Enable content trust in project(PA) configuration;
+            7. Pull image(IA) failed and the reason is "The image is not signed in Notary".
+        Tear down:
+            1. Delete repository(RA) by user(UA);
+            2. Delete project(PA);
+            3. Delete user(UA);
+        """
+        url = ADMIN_CLIENT["endpoint"]
+        admin_name = ADMIN_CLIENT["username"]
+        admin_password = ADMIN_CLIENT["password"]
+        user_content_trust_password = "Aa123456"
+
+        #1. Create a new user(UA);
+        TestProjects.user_content_trust_id, user_content_trust_name = self.user.create_user_success(user_password = user_content_trust_password, **ADMIN_CLIENT)
+
+        TestProjects.USER_CONTENT_TRUST_CLIENT=dict(endpoint = url, username = user_content_trust_name, password = user_content_trust_password)
+
+        #2. Create a new project(PA) by user(UA);
+        TestProjects.project_content_trust_id, project_content_trust_name = self.project.create_project(metadata = {"public": "false"}, **TestProjects.USER_CONTENT_TRUST_CLIENT)
+
+        #3. Push a new image(IA) in project(PA) by admin;
+        TestProjects.repo_name, tag = push_image_to_project(project_content_trust_name, harbor_server, admin_name, admin_password, "hello-world", "latest")
+
+        #4. Image(IA) should exist;
+        self.repo.image_should_exist(TestProjects.repo_name, tag, **TestProjects.USER_CONTENT_TRUST_CLIENT)
+
+        #5. Pull image(IA) successfully;
+        pull_harbor_image_successfully(harbor_server, admin_name, admin_password, TestProjects.repo_name, tag)
+
+        #6. Enable content trust in project(PA) configuration;
+        self.project.update_project(TestProjects.project_content_trust_id, metadata = {"enable_content_trust": "true"}, **TestProjects.USER_CONTENT_TRUST_CLIENT)
+
+        #7. Pull image(IA) failed and the reason is "The image is not signed in Notary".
+        pull_harbor_image_unsuccessfully(harbor_server, admin_name, admin_password, TestProjects.repo_name, tag, "The image is not signed in Notary")
+
+if __name__ == '__main__':
+    unittest.main()
+
diff --git a/tests/robot-cases/Group0-BAT/API_DB.robot b/tests/robot-cases/Group0-BAT/API_DB.robot
index 00219f2b2..c45277be3 100644
--- a/tests/robot-cases/Group0-BAT/API_DB.robot
+++ b/tests/robot-cases/Group0-BAT/API_DB.robot
@@ -30,4 +30,6 @@ Test Case - Edit Project Creation
 Test Case - Scan Image
     Harbor API Test  ./tests/apitests/python/test_scan_image.py
 Test Case - Manage Project Member
-    Harbor API Test  ./tests/apitests/python/test_manage_project_member.py
\ No newline at end of file
+    Harbor API Test  ./tests/apitests/python/test_manage_project_member.py
+Test Case - Project Level Policy Content Trust
+    Harbor API Test  ./tests/apitests/python/test_project_level_policy_content_trust.py
\ No newline at end of file