Merge pull request #5024 from stonezdj/add_testcase

Add testcase for assign role to LDAP group.
This commit is contained in:
stonezdj(Daojun Zhang) 2018-05-31 01:17:33 +08:00 committed by GitHub
commit b308c6e4fc
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23
5 changed files with 233 additions and 0 deletions

View File

@ -0,0 +1,54 @@
Test 12-01 LDAP Usergroup Add
=======
# Purpose
To verify admin user can add an LDAP group
# References:
User guide
# Environments:
* This test requires that a Harbor instance is running and available.
* An LDAP server is running and available, and enabled memberof overlay feature
* LDAP group config parameter are configured.
1. ldap_group_basedn
1. ldap_group_filter
1. ldap_gid
1. ldap_group_scope
# Test Steps:
1. Login UI as admin user.
1. In `Administration->User Group` page, Add an LDAP with a valid group DN with group name.
### Expected Result
* The user group should be created with specified name.
1. In `Administration->User Group` page, Add an LDAP with a non-exist group DN
### Expected Result
* The user group can not be created
1. In `Administration->User Group` page, Add an LDAP with a group DN which already exist, but with different name.
### Expected Result
* The user group is renamed to new user group name.
1. In `Administration->User Group` page, Add an LDAP with a valid group DN without group name.
### Expected Result
* The user group is created and named with the same name in LDAP.
1. Change the configure parameter ldap_group_basedn to another DN, so that the LDAP user group is outside the base DN.
1. In `Administration->User Group` page, Add an LDAP with a valid group DN but outside the base DN.
### Expected Result
* The user group can not be created
1. Change ldap_group_scope from 2 to 0, so that the LDAP group can not be found with the current scope.
1. In `Administration->User Group` page, Add an LDAP with a valid group DN but can not be searched.
### Expected Result
* The user group can not be created
1. Change ldap_group_filter to with a specified filter, so that it can filter out the current group DN.
1. In `Administration->User Group` page, Add an LDAP with a valid group DN but this group DN is filtered
### Expected Result
* the user group can not be created.
1. Change ldap_gid with another attribute other than cn
1. In `Administration->User Group` page, Add an LDAP with a valid group DN, check the user group name.
### Expected Result
* The user group is created, the group name is named by specified attributed.

View File

@ -0,0 +1,35 @@
Test 12-02 LDAP Usergroup Update
=======
# Purpose
To verify admin user can update an LDAP group
# References:
User guide
# Environments:
* This test requires that a Harbor instance is running and available.
* An LDAP server is running and available, and enabled memberof overlay feature
* LDAP group config parameter are configured.
1. ldap_group_basedn
1. ldap_group_filter
1. ldap_gid
1. ldap_group_scope
# Test Steps:
1. Login UI as admin user.
2. In `Administration->User Group` page, Add an LDAP with a valid group DN with group name.
3. In `Administration->User Group` page, Update the user group with a different name.
# Expected Outcome:
* In step3 the user group name is updated
# Possible Problem:
None

View File

@ -0,0 +1,35 @@
Test 12-03 LDAP Usergroup Delete
=======
# Purpose
To verify admin user can delete an LDAP group
# References:
User guide
# Environments:
* This test requires that a Harbor instance is running and available.
* An LDAP server is running and available, and enabled memberof overlay feature
* LDAP group config parameter are configured.
1. ldap_group_basedn
1. ldap_group_filter
1. ldap_gid
1. ldap_group_scope
# Test Steps:
1. Login UI as admin user.
2. In `Administration->User Group` page, Add an LDAP with a valid group DN with group name.
3. In Project Member of library, assign this user group with a developer role to this user group.
4. In `Administration->User Group` page, Delete the user group with a different name.
5. Check Project Member of library, make sure there is no role for this user group.
# Expected Outcome:
* In step4 the user group is deleted, and all its project member information is removed too.
# Possible Problem:
None

View File

@ -0,0 +1,60 @@
Test 3-07 - LDAP usergroup manage project group members
=======
# Purpose:
To verify LDAP group can be assigned a role in project member
# References:
User guide
# Environment:
* This test requires that a Harbor instance is running and available.
* An LDAP server is running and available, and enabled memberof overlay feature
* Harbor is set to authenticate against an LDAP or AD server. ( auth_mode is set to **ldap_auth** .) The user data is stored in an LDAP or AD server.
* LDAP group config parameter are configured.
1. ldap_group_basedn
1. ldap_group_filter
1. ldap_gid
1. ldap_group_scope
* A linux host with Docker CLI installed (Docker client).
# Test Steps:
1. Create group harbor_guest, harbor_dev, harbor_admin in LDAP.
1. Create LDAP user guest_user, dev_user, admin_user in LDAP.
Assign add group following members
* harbbor_guest --- guest_user, admin_user.
* harbor_dev --- dev_user.
* harbor_admin --- admin_user.
1. Login as admin user, create private project proj_group_test
1. Add following group with the roles to proj_group_test
* harbor_guest --- guest, add this member with LDAP Group DN directly: cn=harbor_guest,ou=groups,dc=example,dc=com.
* harbor_dev --- developer, create user group with LDAP group DN directly: cn=harbor_developer,ou=groups,dc=example,dc=com
* Add a user group: group DN: cn=harbor_admin,ou=groups,dc=example,dc=com, with name harbor_admin,
* Add project member, select existing user group harbor_admin, assign role administrator.
1. Login user guest_user, dev_user, admin_user in web console. all of them can see the proj_group_test.
### Expected Results:
* All LDAP users guest_user, dev_user, admin_user can login and see the proj_group_test in web console.
* guest_user has guest role in proj_group_test
* dev_user has developer role in proj_group_test
* admin_user has administrator role in proj_group_test
1. Login user guest_user, dev_user, admin_user in command line. try to push pull images.
### Expected Results:
* All LDAP users can login to harbor in command line.
* guest_user -- can pull images
* dev_user -- can pull/push images
* admin_user -- can pull/push images
1. Remove admin_user from LDAP group harbor_admin, login again with admin_user. check the role in project proj_group_test
### Expected Results:
* After remove harbor_admin membership, the admin_user should have guest role in project proj_group_test.
1. Remove admin_user from LDAP group harbor_guest, login again with admin_user, check the role in project
### Expected Results:
* After remove harbor_guest membership, the admin_user can not see the project proj_group_test.

View File

@ -0,0 +1,49 @@
Test 4-06 - User Views Logs (LDAP Mode)
=======
# Purpose:
To verify that a LDAP user group can views logs when users are managed externally by LDAP or AD (LDAP mode).
# References:
User guide
# Environment:
* This test requires that a Harbor instance is running and available.
* An LDAP server is running and available, and enabled memberof overlay feature.
* Harbor is set to authenticate against an LDAP or AD server. ( auth_mode is set to **ldap_auth** .) The user data is stored in an LDAP or AD server.
* A linux host with Docker CLI installed (Docker client).
* LDAP group config parameter are configured.
1. ldap_group_basedn
1. ldap_group_filter
1. ldap_gid
1. ldap_group_scope
# Test Steps:
1. Add group harbor_admin and create a user admin_user, admin_user is a member of harbor_admin
2. Login to UI with admin user, create a private project ldap_group_proj
3. Add a project member with ldap the LDAP DN of harbor_admin, with administrator role
4. Log in to the UI as the admin_user in docker client.
5. push/pull images to ldap_group_proj.
6. View the logs of the project.
7. Try below search criteria to see if the search result is correct:
* push only
* pull only
* pull and push
* delete only
* all
* push and delete
* different date ranges
* date range and push
# Expected Outcome:
* All operations in Step 5 should be logged.
* Logs can be viewed in Step 6, check if the time and operations are correct.
* Logs can be filtered in Step 6.
# Possible Problems:
None