mirror of
https://github.com/goharbor/harbor.git
synced 2024-12-22 16:48:30 +01:00
Merge pull request #5024 from stonezdj/add_testcase
Add testcase for assign role to LDAP group.
This commit is contained in:
commit
b308c6e4fc
@ -0,0 +1,54 @@
|
||||
Test 12-01 LDAP Usergroup Add
|
||||
=======
|
||||
|
||||
# Purpose
|
||||
|
||||
To verify admin user can add an LDAP group
|
||||
|
||||
# References:
|
||||
|
||||
User guide
|
||||
|
||||
# Environments:
|
||||
|
||||
* This test requires that a Harbor instance is running and available.
|
||||
* An LDAP server is running and available, and enabled memberof overlay feature
|
||||
* LDAP group config parameter are configured.
|
||||
1. ldap_group_basedn
|
||||
1. ldap_group_filter
|
||||
1. ldap_gid
|
||||
1. ldap_group_scope
|
||||
|
||||
# Test Steps:
|
||||
|
||||
1. Login UI as admin user.
|
||||
1. In `Administration->User Group` page, Add an LDAP with a valid group DN with group name.
|
||||
### Expected Result
|
||||
* The user group should be created with specified name.
|
||||
1. In `Administration->User Group` page, Add an LDAP with a non-exist group DN
|
||||
### Expected Result
|
||||
* The user group can not be created
|
||||
1. In `Administration->User Group` page, Add an LDAP with a group DN which already exist, but with different name.
|
||||
### Expected Result
|
||||
* The user group is renamed to new user group name.
|
||||
1. In `Administration->User Group` page, Add an LDAP with a valid group DN without group name.
|
||||
### Expected Result
|
||||
* The user group is created and named with the same name in LDAP.
|
||||
1. Change the configure parameter ldap_group_basedn to another DN, so that the LDAP user group is outside the base DN.
|
||||
1. In `Administration->User Group` page, Add an LDAP with a valid group DN but outside the base DN.
|
||||
### Expected Result
|
||||
* The user group can not be created
|
||||
1. Change ldap_group_scope from 2 to 0, so that the LDAP group can not be found with the current scope.
|
||||
1. In `Administration->User Group` page, Add an LDAP with a valid group DN but can not be searched.
|
||||
### Expected Result
|
||||
* The user group can not be created
|
||||
1. Change ldap_group_filter to with a specified filter, so that it can filter out the current group DN.
|
||||
1. In `Administration->User Group` page, Add an LDAP with a valid group DN but this group DN is filtered
|
||||
### Expected Result
|
||||
* the user group can not be created.
|
||||
1. Change ldap_gid with another attribute other than cn
|
||||
1. In `Administration->User Group` page, Add an LDAP with a valid group DN, check the user group name.
|
||||
### Expected Result
|
||||
* The user group is created, the group name is named by specified attributed.
|
||||
|
||||
|
@ -0,0 +1,35 @@
|
||||
Test 12-02 LDAP Usergroup Update
|
||||
=======
|
||||
|
||||
# Purpose
|
||||
|
||||
To verify admin user can update an LDAP group
|
||||
|
||||
# References:
|
||||
|
||||
User guide
|
||||
|
||||
# Environments:
|
||||
|
||||
* This test requires that a Harbor instance is running and available.
|
||||
* An LDAP server is running and available, and enabled memberof overlay feature
|
||||
* LDAP group config parameter are configured.
|
||||
1. ldap_group_basedn
|
||||
1. ldap_group_filter
|
||||
1. ldap_gid
|
||||
1. ldap_group_scope
|
||||
|
||||
# Test Steps:
|
||||
|
||||
1. Login UI as admin user.
|
||||
2. In `Administration->User Group` page, Add an LDAP with a valid group DN with group name.
|
||||
3. In `Administration->User Group` page, Update the user group with a different name.
|
||||
|
||||
|
||||
# Expected Outcome:
|
||||
|
||||
|
||||
* In step3 the user group name is updated
|
||||
|
||||
# Possible Problem:
|
||||
None
|
@ -0,0 +1,35 @@
|
||||
Test 12-03 LDAP Usergroup Delete
|
||||
=======
|
||||
|
||||
# Purpose
|
||||
|
||||
To verify admin user can delete an LDAP group
|
||||
|
||||
# References:
|
||||
|
||||
User guide
|
||||
|
||||
# Environments:
|
||||
|
||||
* This test requires that a Harbor instance is running and available.
|
||||
* An LDAP server is running and available, and enabled memberof overlay feature
|
||||
* LDAP group config parameter are configured.
|
||||
1. ldap_group_basedn
|
||||
1. ldap_group_filter
|
||||
1. ldap_gid
|
||||
1. ldap_group_scope
|
||||
|
||||
# Test Steps:
|
||||
|
||||
1. Login UI as admin user.
|
||||
2. In `Administration->User Group` page, Add an LDAP with a valid group DN with group name.
|
||||
3. In Project Member of library, assign this user group with a developer role to this user group.
|
||||
4. In `Administration->User Group` page, Delete the user group with a different name.
|
||||
5. Check Project Member of library, make sure there is no role for this user group.
|
||||
|
||||
# Expected Outcome:
|
||||
|
||||
* In step4 the user group is deleted, and all its project member information is removed too.
|
||||
|
||||
# Possible Problem:
|
||||
None
|
@ -0,0 +1,60 @@
|
||||
Test 3-07 - LDAP usergroup manage project group members
|
||||
=======
|
||||
# Purpose:
|
||||
|
||||
To verify LDAP group can be assigned a role in project member
|
||||
|
||||
# References:
|
||||
User guide
|
||||
|
||||
# Environment:
|
||||
|
||||
* This test requires that a Harbor instance is running and available.
|
||||
* An LDAP server is running and available, and enabled memberof overlay feature
|
||||
* Harbor is set to authenticate against an LDAP or AD server. ( auth_mode is set to **ldap_auth** .) The user data is stored in an LDAP or AD server.
|
||||
* LDAP group config parameter are configured.
|
||||
1. ldap_group_basedn
|
||||
1. ldap_group_filter
|
||||
1. ldap_gid
|
||||
1. ldap_group_scope
|
||||
* A linux host with Docker CLI installed (Docker client).
|
||||
|
||||
# Test Steps:
|
||||
|
||||
1. Create group harbor_guest, harbor_dev, harbor_admin in LDAP.
|
||||
1. Create LDAP user guest_user, dev_user, admin_user in LDAP.
|
||||
Assign add group following members
|
||||
* harbbor_guest --- guest_user, admin_user.
|
||||
* harbor_dev --- dev_user.
|
||||
* harbor_admin --- admin_user.
|
||||
|
||||
1. Login as admin user, create private project proj_group_test
|
||||
1. Add following group with the roles to proj_group_test
|
||||
* harbor_guest --- guest, add this member with LDAP Group DN directly: cn=harbor_guest,ou=groups,dc=example,dc=com.
|
||||
* harbor_dev --- developer, create user group with LDAP group DN directly: cn=harbor_developer,ou=groups,dc=example,dc=com
|
||||
* Add a user group: group DN: cn=harbor_admin,ou=groups,dc=example,dc=com, with name harbor_admin,
|
||||
* Add project member, select existing user group harbor_admin, assign role administrator.
|
||||
1. Login user guest_user, dev_user, admin_user in web console. all of them can see the proj_group_test.
|
||||
|
||||
### Expected Results:
|
||||
|
||||
* All LDAP users guest_user, dev_user, admin_user can login and see the proj_group_test in web console.
|
||||
* guest_user has guest role in proj_group_test
|
||||
* dev_user has developer role in proj_group_test
|
||||
* admin_user has administrator role in proj_group_test
|
||||
|
||||
1. Login user guest_user, dev_user, admin_user in command line. try to push pull images.
|
||||
|
||||
### Expected Results:
|
||||
|
||||
* All LDAP users can login to harbor in command line.
|
||||
* guest_user -- can pull images
|
||||
* dev_user -- can pull/push images
|
||||
* admin_user -- can pull/push images
|
||||
|
||||
1. Remove admin_user from LDAP group harbor_admin, login again with admin_user. check the role in project proj_group_test
|
||||
### Expected Results:
|
||||
* After remove harbor_admin membership, the admin_user should have guest role in project proj_group_test.
|
||||
1. Remove admin_user from LDAP group harbor_guest, login again with admin_user, check the role in project
|
||||
### Expected Results:
|
||||
* After remove harbor_guest membership, the admin_user can not see the project proj_group_test.
|
@ -0,0 +1,49 @@
|
||||
Test 4-06 - User Views Logs (LDAP Mode)
|
||||
=======
|
||||
|
||||
# Purpose:
|
||||
|
||||
To verify that a LDAP user group can views logs when users are managed externally by LDAP or AD (LDAP mode).
|
||||
|
||||
# References:
|
||||
User guide
|
||||
|
||||
# Environment:
|
||||
|
||||
* This test requires that a Harbor instance is running and available.
|
||||
* An LDAP server is running and available, and enabled memberof overlay feature.
|
||||
* Harbor is set to authenticate against an LDAP or AD server. ( auth_mode is set to **ldap_auth** .) The user data is stored in an LDAP or AD server.
|
||||
* A linux host with Docker CLI installed (Docker client).
|
||||
* LDAP group config parameter are configured.
|
||||
1. ldap_group_basedn
|
||||
1. ldap_group_filter
|
||||
1. ldap_gid
|
||||
1. ldap_group_scope
|
||||
|
||||
# Test Steps:
|
||||
|
||||
1. Add group harbor_admin and create a user admin_user, admin_user is a member of harbor_admin
|
||||
2. Login to UI with admin user, create a private project ldap_group_proj
|
||||
3. Add a project member with ldap the LDAP DN of harbor_admin, with administrator role
|
||||
4. Log in to the UI as the admin_user in docker client.
|
||||
5. push/pull images to ldap_group_proj.
|
||||
6. View the logs of the project.
|
||||
7. Try below search criteria to see if the search result is correct:
|
||||
|
||||
* push only
|
||||
* pull only
|
||||
* pull and push
|
||||
* delete only
|
||||
* all
|
||||
* push and delete
|
||||
* different date ranges
|
||||
* date range and push
|
||||
|
||||
# Expected Outcome:
|
||||
|
||||
* All operations in Step 5 should be logged.
|
||||
* Logs can be viewed in Step 6, check if the time and operations are correct.
|
||||
* Logs can be filtered in Step 6.
|
||||
|
||||
# Possible Problems:
|
||||
None
|
Loading…
Reference in New Issue
Block a user