mirror of
https://github.com/goharbor/harbor.git
synced 2024-12-23 09:08:26 +01:00
Remove notary test cases (#18620)
Fix #17955 Signed-off-by: Yang Jiao <jiaoya@vmware.com>
This commit is contained in:
parent
010042fb92
commit
c09e539027
@ -1,15 +0,0 @@
|
||||
# -*- coding: utf-8 -*-
|
||||
import subprocess
|
||||
from testutils import notary_url, BASE_IMAGE_ABS_PATH_NAME
|
||||
from docker_api import docker_load_image, docker_image_clean_all
|
||||
|
||||
def sign_image(registry_ip, project_name, image, tag):
|
||||
docker_load_image(BASE_IMAGE_ABS_PATH_NAME)
|
||||
try:
|
||||
ret = subprocess.check_output(["./tests/apitests/python/sign_image.sh", registry_ip, project_name, image, tag, notary_url], shell=False)
|
||||
print("sign_image return: ", ret)
|
||||
except subprocess.CalledProcessError as e:
|
||||
raise Exception("Failed to sign image error is {} {}.".format(e.returncode, e.output))
|
||||
finally:
|
||||
docker_image_clean_all()
|
||||
|
@ -1,25 +0,0 @@
|
||||
#!/bin/sh
|
||||
IP=$1
|
||||
NOTARY_URL=$5
|
||||
PASSHRASE='Harbor12345'
|
||||
IMAGE=$IP/$2/$3:$4
|
||||
|
||||
echo $IP
|
||||
|
||||
export DOCKER_CONTENT_TRUST=1
|
||||
export DOCKER_CONTENT_TRUST_SERVER=$NOTARY_URL
|
||||
|
||||
export NOTARY_ROOT_PASSPHRASE=$PASSHRASE
|
||||
export NOTARY_TARGETS_PASSPHRASE=$PASSHRASE
|
||||
export NOTARY_SNAPSHOT_PASSPHRASE=$PASSHRASE
|
||||
export DOCKER_CONTENT_TRUST_ROOT_PASSPHRASE=$PASSHRASE
|
||||
export DOCKER_CONTENT_TRUST_REPOSITORY_PASSPHRASE=$PASSHRASE
|
||||
export DOCKER_CONTENT_TRUST_OFFLINE_PASSPHRASE=$PASSHRASE
|
||||
export DOCKER_CONTENT_TRUST_TAGGING_PASSPHRASE=$PASSHRASE
|
||||
|
||||
docker login -u admin -p Harbor12345 $IP
|
||||
|
||||
docker tag $3:$4 $IMAGE
|
||||
docker push $IMAGE
|
||||
docker rmi -f $IMAGE
|
||||
|
@ -45,7 +45,7 @@ class TestProjects(unittest.TestCase):
|
||||
4. Image(IA) should exist;
|
||||
5. Pull image(IA) successfully;
|
||||
6. Enable content trust in project(PA) configuration;
|
||||
7. Pull image(IA) failed and the reason is "The image is not signed in Notary".
|
||||
7. Pull image(IA) failed and the reason is "The image is not signed in Cosign".
|
||||
Tear down:
|
||||
1. Delete repository(RA) by user(UA);
|
||||
2. Delete project(PA);
|
||||
@ -76,15 +76,15 @@ class TestProjects(unittest.TestCase):
|
||||
|
||||
self.project.get_project(TestProjects.project_content_trust_id)
|
||||
#6. Enable content trust in project(PA) configuration;
|
||||
self.project.update_project(TestProjects.project_content_trust_id, metadata = {"enable_content_trust": "true"}, **TestProjects.USER_CONTENT_TRUST_CLIENT)
|
||||
self.project.update_project(TestProjects.project_content_trust_id, metadata = {"enable_content_trust_cosign": "true"}, **TestProjects.USER_CONTENT_TRUST_CLIENT)
|
||||
self.project.get_project(TestProjects.project_content_trust_id)
|
||||
|
||||
#7. Pull image(IA) failed and the reason is "The image is not signed in Notary".
|
||||
#7. Pull image(IA) failed and the reason is "The image is not signed in Cosign".
|
||||
docker_image_clean_all()
|
||||
restart_process("containerd")
|
||||
restart_process("dockerd")
|
||||
time.sleep(30)
|
||||
pull_harbor_image(harbor_server, ADMIN_CLIENT["username"], ADMIN_CLIENT["password"], TestProjects.repo_name, tag, expected_error_message = "The image is not signed in Notary")
|
||||
pull_harbor_image(harbor_server, ADMIN_CLIENT["username"], ADMIN_CLIENT["password"], TestProjects.repo_name, tag, expected_error_message = "The image is not signed in Cosign")
|
||||
|
||||
if __name__ == '__main__':
|
||||
unittest.main()
|
||||
|
@ -1,12 +1,10 @@
|
||||
from __future__ import absolute_import
|
||||
import unittest
|
||||
import urllib
|
||||
|
||||
from testutils import ADMIN_CLIENT, suppress_urllib3_warning
|
||||
from testutils import harbor_server
|
||||
from testutils import TEARDOWN
|
||||
import library.oras
|
||||
from library.sign import sign_image
|
||||
from library.user import User
|
||||
from library.project import Project
|
||||
from library.repository import Repository
|
||||
@ -26,7 +24,7 @@ class TestProjects(unittest.TestCase):
|
||||
@unittest.skipIf(TEARDOWN == False, "Test data won't be erased.")
|
||||
def tearDown(self):
|
||||
#1. Delete user(UA);
|
||||
self.user.delete_user(TestProjects.user_sign_image_id, **ADMIN_CLIENT)
|
||||
self.user.delete_user(TestProjects.user_id, **ADMIN_CLIENT)
|
||||
|
||||
def testOrasCli(self):
|
||||
"""
|
||||
@ -47,7 +45,7 @@ class TestProjects(unittest.TestCase):
|
||||
user_001_password = "Aa123456"
|
||||
|
||||
#1. Create user-001
|
||||
TestProjects.user_sign_image_id, user_name = self.user.create_user(user_password = user_001_password, **ADMIN_CLIENT)
|
||||
TestProjects.user_id, user_name = self.user.create_user(user_password = user_001_password, **ADMIN_CLIENT)
|
||||
|
||||
TestProjects.USER_CLIENT=dict(with_signature = True, endpoint = url, username = user_name, password = user_001_password)
|
||||
|
||||
|
@ -5,7 +5,6 @@ import urllib
|
||||
from testutils import ADMIN_CLIENT, suppress_urllib3_warning
|
||||
from testutils import harbor_server
|
||||
from testutils import TEARDOWN
|
||||
from library.sign import sign_image
|
||||
from library.artifact import Artifact
|
||||
from library.project import Project
|
||||
from library.user import User
|
||||
|
@ -11,7 +11,6 @@ from library.repository import Repository
|
||||
from library.repository import push_self_build_image_to_project
|
||||
from library.artifact import Artifact
|
||||
from library.scan import Scan
|
||||
from library.sign import sign_image
|
||||
|
||||
class TestScan(unittest.TestCase):
|
||||
@suppress_urllib3_warning
|
||||
@ -105,8 +104,7 @@ class TestScan(unittest.TestCase):
|
||||
image = BASE_IMAGE['name']
|
||||
tag = BASE_IMAGE['tag']
|
||||
#5. Create a new repository(RA) and tag(TA) in project(PA) by user(UA);
|
||||
# Push base image in function sign_image.
|
||||
sign_image(harbor_server, self.project_name, image, tag)
|
||||
push_self_build_image_to_project(self.project_name, harbor_server, self.user_name, self.user_password, image, tag)
|
||||
|
||||
#6. Send scan image command and get tag(TA) information to check scan result, it should be finished;
|
||||
self.scan.scan_artifact(self.project_name, image, tag, **self.USER_CLIENT)
|
||||
|
@ -1,87 +0,0 @@
|
||||
from __future__ import absolute_import
|
||||
import unittest
|
||||
|
||||
from testutils import ADMIN_CLIENT, suppress_urllib3_warning
|
||||
from testutils import harbor_server
|
||||
from testutils import TEARDOWN
|
||||
from library.sign import sign_image
|
||||
from library.artifact import Artifact
|
||||
from library.project import Project
|
||||
from library.user import User
|
||||
from library.repository import Repository
|
||||
from library.repository import push_special_image_to_project
|
||||
|
||||
class TestProjects(unittest.TestCase):
|
||||
@suppress_urllib3_warning
|
||||
def setUp(self):
|
||||
self.project = Project()
|
||||
self.user = User()
|
||||
self.artifact = Artifact()
|
||||
self.repo = Repository()
|
||||
self.repo_name_1 = "test1_sign"
|
||||
|
||||
@unittest.skipIf(TEARDOWN == False, "Test data won't be erased.")
|
||||
def tearDown(self):
|
||||
# remove the deletion as the signed image cannot be deleted.
|
||||
#1. Delete repository(RA) by user(UA);
|
||||
#self.repo.delete_repository(TestProjects.project_sign_image_name, TestProjects.repo_name.split('/')[1], **TestProjects.USER_sign_image_CLIENT)
|
||||
|
||||
#2. Delete project(PA);
|
||||
#self.project.delete_project(TestProjects.project_sign_image_id, **TestProjects.USER_sign_image_CLIENT)
|
||||
|
||||
#3. Delete user(UA);
|
||||
self.user.delete_user(TestProjects.user_sign_image_id, **ADMIN_CLIENT)
|
||||
|
||||
def testSignImage(self):
|
||||
"""
|
||||
Test case:
|
||||
Sign A Image
|
||||
Test step and expected result:
|
||||
1. Create a new user(UA);
|
||||
2. Create a new private project(PA) by user(UA);
|
||||
3. Add user(UA) as a member of project(PA) with project-admin role;
|
||||
4. Get private project of user(UA), user(UA) can see only one private project which is project(PA);
|
||||
5. Create a new repository(RA) and tag(TA) in project(PA) by user(UA);
|
||||
6. Sign image with tag(TA) which was tagged by step #5;
|
||||
7. Get signature of image with tag(TA), it should be exist.
|
||||
Tear down:
|
||||
NA
|
||||
"""
|
||||
url = ADMIN_CLIENT["endpoint"]
|
||||
user_001_password = "Aa123456"
|
||||
|
||||
#1. Create user-001
|
||||
TestProjects.user_sign_image_id, user_sign_image_name = self.user.create_user(user_password = user_001_password, **ADMIN_CLIENT)
|
||||
|
||||
TestProjects.USER_sign_image_CLIENT=dict(with_signature = True, endpoint = url, username = user_sign_image_name, password = user_001_password)
|
||||
|
||||
#2. Create a new private project(PA) by user(UA);
|
||||
TestProjects.project_sign_image_id, TestProjects.project_sign_image_name = self.project.create_project(metadata = {"public": "false"}, **ADMIN_CLIENT)
|
||||
|
||||
#3. Add user(UA) as a member of project(PA) with project-admin role;
|
||||
self.project.add_project_members(TestProjects.project_sign_image_id, user_id=TestProjects.user_sign_image_id, **ADMIN_CLIENT)
|
||||
|
||||
#4. Get private project of user(UA), user(UA) can see only one private project which is project(PA);
|
||||
self.project.projects_should_exist(dict(public=False), expected_count = 1,
|
||||
expected_project_id = TestProjects.project_sign_image_id, **TestProjects.USER_sign_image_CLIENT)
|
||||
|
||||
#Note:busybox is pulled in setup phase, and setup is a essential phase.
|
||||
image = "busybox"
|
||||
tag = "latest"
|
||||
#5. Create a new repository(RA) and tag(TA) in project(PA) by user(UA);
|
||||
#TestProjects.repo_name, tag = push_self_build_image_to_project(TestProjects.project_sign_image_name, harbor_server, user_sign_image_name, user_001_password, image, src_tag)
|
||||
|
||||
#6. Sign image with tag(TA) which was tagged by step #5;
|
||||
sign_image(harbor_server, TestProjects.project_sign_image_name, image, tag)
|
||||
|
||||
#7. Get signature of image with tag(TA), it should be exist.
|
||||
artifact = self.artifact.get_reference_info(TestProjects.project_sign_image_name, image, tag, **TestProjects.USER_sign_image_CLIENT)
|
||||
self.assertEqual(artifact.tags[0].signed, True)
|
||||
|
||||
push_special_image_to_project(TestProjects.project_sign_image_name, harbor_server, user_sign_image_name, user_001_password, self.repo_name_1, ['1.0'])
|
||||
self.repo.delete_repository(TestProjects.project_sign_image_name, self.repo_name_1, **TestProjects.USER_sign_image_CLIENT)
|
||||
|
||||
self.repo.delete_repository(TestProjects.project_sign_image_name, image, expect_status_code=412, expect_response_body = "with signature cannot be deleted", **TestProjects.USER_sign_image_CLIENT)
|
||||
|
||||
if __name__ == '__main__':
|
||||
unittest.main()
|
@ -27,7 +27,6 @@ ADMIN_CLIENT=dict(endpoint = os.environ.get("HARBOR_HOST_SCHEMA", "https")+ "://
|
||||
CHART_API_CLIENT=dict(endpoint = os.environ.get("HARBOR_HOST_SCHEMA", "https")+ "://"+harbor_server+"/api", username = admin_user, password = admin_pwd)
|
||||
USER_ROLE=dict(admin=0,normal=1)
|
||||
TEARDOWN = os.environ.get('TEARDOWN', 'true').lower() in ('true', 'yes')
|
||||
notary_url = os.environ.get('NOTARY_URL', 'https://'+harbor_server+':4443')
|
||||
DOCKER_USER = os.environ.get('DOCKER_USER', '')
|
||||
DOCKER_PWD = os.environ.get('DOCKER_PWD', '')
|
||||
METRIC_URL = os.environ.get('METRIC_URL', 'http://'+harbor_server+':9090')
|
||||
|
@ -1,19 +0,0 @@
|
||||
#!/bin/sh
|
||||
|
||||
set -e
|
||||
|
||||
TIMEOUT=10
|
||||
while [ $TIMEOUT -gt 0 ]; do
|
||||
STATUS=$(curl -s -o /dev/null -w '%{http_code}' https://127.0.0.1:4443/v2/ -kv)
|
||||
if [ $STATUS -eq 401 ]; then
|
||||
echo "Notary is running success."
|
||||
break
|
||||
fi
|
||||
TIMEOUT=$(($TIMEOUT - 1))
|
||||
sleep 5
|
||||
done
|
||||
|
||||
if [ $TIMEOUT -eq 0 ]; then
|
||||
echo "Notary is running fail."
|
||||
exit 1
|
||||
fi
|
@ -17,10 +17,6 @@ Click Project Public
|
||||
Mouse Down //hbr-project-policy-config//input[@name='public']
|
||||
Mouse Up //hbr-project-policy-config//input[@name='public']
|
||||
|
||||
Click Notary Deployment Security
|
||||
Mouse Down //input[@id='content-trust']
|
||||
Mouse Up //input[@id='content-trust']
|
||||
|
||||
Click Cosign Deployment Security
|
||||
Mouse Down //input[@id='content-trust-cosign']
|
||||
Mouse Up //input[@id='content-trust-cosign']
|
||||
@ -50,9 +46,6 @@ Project Should Be Public
|
||||
[Arguments] ${projectName}
|
||||
Retry Wait Until Page Contains Element //clr-dg-row[contains(.,'${projectName}')]//clr-dg-cell[contains(.,'Public')]
|
||||
|
||||
Content Notary Deployment security Be Selected
|
||||
Checkbox Should Be Selected //input[@id='content-trust']
|
||||
|
||||
Content Cosign Deployment security Be Selected
|
||||
Checkbox Should Be Selected //input[@id='content-trust-cosign']
|
||||
|
||||
|
@ -382,10 +382,6 @@ Should Be Signed By Cosign
|
||||
[Arguments] ${tag}
|
||||
Retry Wait Element Visible //clr-dg-row[contains(.,'${tag}')]//clr-icon[contains(@class,'signed')]
|
||||
|
||||
Should Be Signed By Notary
|
||||
[Arguments] ${tag}
|
||||
Retry Wait Element Visible //clr-dg-row[contains(.,'${tag}')]//clr-icon[contains(@class,'color-green')]
|
||||
|
||||
Delete Accessory
|
||||
[Arguments] ${tag}
|
||||
Retry Button Click //clr-dg-row[contains(.,'${tag}')]//button[contains(@class,'datagrid-expandable-caret-button')]
|
||||
@ -420,4 +416,4 @@ Download Latest CVE CSV File
|
||||
${csv_file_path}= Set Variable ${download_directory}/${csv_file_name}.csv
|
||||
Retry Double Keywords When Error Retry Element Click ${latest_download_cve_csv_file_xpath} Retry Wait Until Page Does Not Contains ${csv_file_name}
|
||||
Retry File Should Exist ${csv_file_path}
|
||||
[Return] ${csv_file_path}
|
||||
[Return] ${csv_file_path}
|
||||
|
@ -557,12 +557,3 @@ Verify Quotas Display
|
||||
Should Match Regexp ${storage_quota_ret} ${str_expected}
|
||||
END
|
||||
Close Browser
|
||||
|
||||
|
||||
Verify Re-sign Image
|
||||
[Arguments] ${json}
|
||||
Log To Console "Verify Quotas Display..."
|
||||
@{project}= Get Value From Json ${json} $.notary_projects.[*].name
|
||||
FOR ${project} IN @{project}
|
||||
Body Of Admin Push Signed Image ${project} alpine new_tag ${HARBOR_ADMIN} ${HARBOR_PASSWORD} clear_trust_dir=${false}
|
||||
END
|
@ -38,35 +38,35 @@ Install Harbor to Test Server
|
||||
Generate Certificate Authority For Chrome
|
||||
|
||||
Up Harbor
|
||||
[Arguments] ${with_notary}=true
|
||||
${rc} ${output}= Run And Return Rc And Output make start -e NOTARYFLAG=${with_notary}
|
||||
[Arguments]
|
||||
${rc} ${output}= Run And Return Rc And Output make start
|
||||
Log ${rc}
|
||||
Log ${output}
|
||||
Should Be Equal As Integers ${rc} 0
|
||||
|
||||
Down Harbor
|
||||
[Arguments] ${with_notary}=true
|
||||
${rc} ${output}= Run And Return Rc And Output echo "Y" | make down -e NOTARYFLAG=${with_notary}
|
||||
[Arguments]
|
||||
${rc} ${output}= Run And Return Rc And Output echo "Y" | make down
|
||||
Log ${rc}
|
||||
Log ${output}
|
||||
Should Be Equal As Integers ${rc} 0
|
||||
|
||||
Package Harbor Offline
|
||||
[Arguments] ${with_notary}=true ${with_trivy}=true
|
||||
[Arguments] ${with_trivy}=true
|
||||
Log To Console \nStart Docker Daemon
|
||||
Start Docker Daemon Locally
|
||||
Log To Console make package_offline GOBUILDTAGS="include_oss include_gcs" BASEIMAGETAG=%{Harbor_Build_Base_Tag} NPM_REGISTRY=%{NPM_REGISTRY} VERSIONTAG=%{Harbor_Assets_Version} PKGVERSIONTAG=%{Harbor_Package_Version} NOTARYFLAG=${with_notary} TRIVYFLAG=${with_trivy} HTTPPROXY=
|
||||
${rc} ${output}= Run And Return Rc And Output make package_offline GOBUILDTAGS="include_oss include_gcs" BASEIMAGETAG=%{Harbor_Build_Base_Tag} NPM_REGISTRY=%{NPM_REGISTRY} VERSIONTAG=%{Harbor_Assets_Version} PKGVERSIONTAG=%{Harbor_Package_Version} NOTARYFLAG=${with_notary} TRIVYFLAG=${with_trivy} HTTPPROXY=
|
||||
Log To Console make package_offline GOBUILDTAGS="include_oss include_gcs" BASEIMAGETAG=%{Harbor_Build_Base_Tag} NPM_REGISTRY=%{NPM_REGISTRY} VERSIONTAG=%{Harbor_Assets_Version} PKGVERSIONTAG=%{Harbor_Package_Version} TRIVYFLAG=${with_trivy} HTTPPROXY=
|
||||
${rc} ${output}= Run And Return Rc And Output make package_offline GOBUILDTAGS="include_oss include_gcs" BASEIMAGETAG=%{Harbor_Build_Base_Tag} NPM_REGISTRY=%{NPM_REGISTRY} VERSIONTAG=%{Harbor_Assets_Version} PKGVERSIONTAG=%{Harbor_Package_Version} TRIVYFLAG=${with_trivy} HTTPPROXY=
|
||||
Log To Console ${rc}
|
||||
Log To Console ${output}
|
||||
Should Be Equal As Integers ${rc} 0
|
||||
|
||||
Package Harbor Online
|
||||
[Arguments] ${with_notary}=true ${with_trivy}=true
|
||||
[Arguments] ${with_trivy}=true
|
||||
Log To Console \nStart Docker Daemon
|
||||
Start Docker Daemon Locally
|
||||
Log To Console \nmake package_online GOBUILDTAGS="include_oss include_gcs" VERSIONTAG=%{Harbor_Assets_Version} PKGVERSIONTAG=%{Harbor_Package_Version} NOTARYFLAG=${with_notary} TRIVYFLAG=${with_trivy} HTTPPROXY=
|
||||
${rc} ${output}= Run And Return Rc And Output make package_online GOBUILDTAGS="include_oss include_gcs" VERSIONTAG=%{Harbor_Assets_Version} PKGVERSIONTAG=%{Harbor_Package_Version} NOTARYFLAG=${with_notary} TRIVYFLAG=${with_trivy} HTTPPROXY=
|
||||
Log To Console \nmake package_online GOBUILDTAGS="include_oss include_gcs" VERSIONTAG=%{Harbor_Assets_Version} PKGVERSIONTAG=%{Harbor_Package_Version} TRIVYFLAG=${with_trivy} HTTPPROXY=
|
||||
${rc} ${output}= Run And Return Rc And Output make package_online GOBUILDTAGS="include_oss include_gcs" VERSIONTAG=%{Harbor_Assets_Version} PKGVERSIONTAG=%{Harbor_Package_Version} TRIVYFLAG=${with_trivy} HTTPPROXY=
|
||||
Log ${rc}
|
||||
Log ${output}
|
||||
Should Be Equal As Integers ${rc} 0
|
||||
@ -103,23 +103,9 @@ Get Harbor CA
|
||||
Log All ${output}
|
||||
Should Be Equal As Integers ${rc} 0
|
||||
|
||||
Notary Remove Signature
|
||||
[Arguments] ${ip} ${project} ${image} ${tag} ${user} ${pwd}
|
||||
${rc} ${output}= Run And Return Rc And Output ./tests/robot-cases/Group0-Util/notary-util.sh remove ${ip} ${project} ${image} ${tag} ${notaryServerEndpoint} ${user} ${pwd}
|
||||
Log To Console ${output}
|
||||
Log ${output}
|
||||
Should Be Equal As Integers ${rc} 0
|
||||
|
||||
Notary Key Rotate
|
||||
[Arguments] ${ip} ${project} ${image} ${tag} ${user} ${pwd}
|
||||
${rc} ${output}= Run And Return Rc And Output ./tests/robot-cases/Group0-Util/notary-util.sh key_rotate ${ip} ${project} ${image} ${tag} ${notaryServerEndpoint} ${user} ${pwd}
|
||||
Log To Console ${output}
|
||||
Log ${output}
|
||||
Should Be Equal As Integers ${rc} 0
|
||||
|
||||
Prepare
|
||||
[Arguments] ${with_notary}=true
|
||||
${rc} ${output}= Run And Return Rc And Output make prepare -e NOTARYFLAG=${with_notary}
|
||||
[Arguments]
|
||||
${rc} ${output}= Run And Return Rc And Output make prepare
|
||||
Log ${rc}
|
||||
Log ${output}
|
||||
Should Be Equal As Integers ${rc} 0
|
||||
@ -152,8 +138,8 @@ Prepare Cert
|
||||
Should Be Equal As Integers ${rc} 0
|
||||
|
||||
Compile and Up Harbor With Source Code
|
||||
[Arguments] ${with_notary}=true
|
||||
${rc} ${output}= Run And Return Rc And Output make install swagger_client NOTARYFLAG=${with_notary} HTTPPROXY=
|
||||
[Arguments]
|
||||
${rc} ${output}= Run And Return Rc And Output make install swagger_client HTTPPROXY=
|
||||
Log ${output}
|
||||
Should Be Equal As Integers ${rc} 0
|
||||
Sleep 20
|
||||
|
@ -54,8 +54,6 @@ Nightly Test Setup In Ubuntu For Upgrade
|
||||
Prepare Test Tools
|
||||
Log To Console Start Docker Daemon Locally ...
|
||||
Run Keyword Start Docker Daemon Locally
|
||||
#For upgrade pipeline: get notary targets key from last execution.
|
||||
${rc} ${output}= Run And Return Rc And Output [ -f "/key_store/private_keys_backup.tar.gz" ] && tar -zxvf /key_store/private_keys_backup.tar.gz -C /
|
||||
|
||||
CA Setup In ubuntu
|
||||
[Arguments] ${ip} ${HARBOR_PASSWORD} ${cert}
|
||||
@ -81,8 +79,6 @@ Collect Logs
|
||||
SSHLibrary.Get File /var/log/harbor/adminserver.log
|
||||
SSHLibrary.Get File /var/log/harbor/jobservice.log
|
||||
SSHLibrary.Get File /var/log/harbor/postgresql.log
|
||||
SSHLibrary.Get File /var/log/harbor/notary-server.log
|
||||
SSHLibrary.Get File /var/log/harbor/notary-signer.log
|
||||
SSHLibrary.Get File /var/log/harbor/registryctl.log
|
||||
Run rename 's/^/${ip}/' *.log
|
||||
Close All Connections
|
||||
|
@ -128,33 +128,6 @@ Body Of Scan Image On Push
|
||||
View Repo Scan Details @{vulnerability_levels}
|
||||
Close Browser
|
||||
|
||||
Body Of Push Signed Image
|
||||
Init Chrome Driver
|
||||
${d}= Get Current Date result_format=%m%s
|
||||
${user}= Set Variable user010
|
||||
${pwd}= Set Variable Test1@34
|
||||
Sign In Harbor ${HARBOR_URL} ${user} ${pwd}
|
||||
Create An New Project And Go Into Project project${d}
|
||||
Body Of Admin Push Signed Image project${d} tomcat latest ${user} ${pwd}
|
||||
Body Of Admin Push Signed Image project${d} alpine latest ${HARBOR_ADMIN} ${HARBOR_PASSWORD}
|
||||
Close Browser
|
||||
|
||||
Body Of Admin Push Signed Image
|
||||
[Arguments] ${project} ${image} ${tag} ${user} ${pwd} ${with_remove}=${false} ${clear_trust_dir}=${true}
|
||||
Run Keyword If ${clear_trust_dir}==${true} Wait Unitl Command Success rm -rf ~/.docker/
|
||||
${src_tag}= Set Variable latest
|
||||
${src_image}= Set Variable ${LOCAL_REGISTRY}/${LOCAL_REGISTRY_NAMESPACE}/${image}:${src_tag}
|
||||
Docker Pull ${src_image}
|
||||
Wait Unitl Command Success ./tests/robot-cases/Group0-Util/notary-push-image.sh ${ip} ${project} ${image} ${tag} ${notaryServerEndpoint} ${src_image} ${user} ${pwd}
|
||||
|
||||
${rc} ${output}= Run And Return Rc And Output curl -u admin:Harbor12345 -s --insecure -H "Content-Type: application/json" -X GET "https://${ip}/api/v2.0/projects/${project}/repositories/${image}/artifacts/${tag}?with_signature=true"
|
||||
|
||||
Log To Console ${output}
|
||||
Should Be Equal As Integers ${rc} 0
|
||||
Should Contain ${output} "signed":true
|
||||
|
||||
Run Keyword If ${with_remove} == ${true} Notary Remove Signature ${ip} ${project} ${image} ${tag} ${user} ${pwd}
|
||||
|
||||
Delete A Project Without Sign In Harbor
|
||||
[Arguments] ${harbor_ip}=${ip} ${username}=${HARBOR_ADMIN} ${password}=${HARBOR_PASSWORD}
|
||||
${d}= Get Current Date result_format=%m%s
|
||||
|
@ -60,10 +60,6 @@ Test Case - Robot Account
|
||||
[Tags] robot_account
|
||||
Harbor API Test ./tests/apitests/python/test_robot_account.py
|
||||
|
||||
Test Case - Sign A Image
|
||||
[Tags] sign_image
|
||||
Harbor API Test ./tests/apitests/python/test_sign_image.py
|
||||
|
||||
Test Case - Project Quota
|
||||
[Tags] quota
|
||||
Harbor API Test ./tests/apitests/python/test_project_quota.py
|
||||
|
@ -35,22 +35,6 @@ Test Case - Registry Basic Verfication
|
||||
|
||||
Close Browser
|
||||
|
||||
Test Case - Notary Basic Verfication
|
||||
Enable Notary Client
|
||||
|
||||
${rc} ${output}= Run And Return Rc And Output docker pull hello-world:latest
|
||||
Log ${output}
|
||||
|
||||
Push image ${ip} %{HARBOR_ADMIN} %{HARBOR_PASSWORD} library hello-world:latest
|
||||
${rc} ${output}= Run And Return Rc And Output ./tests/robot-cases/Group0-Util/notary-push-image.sh ${ip} ${notaryServerEndpoint}
|
||||
Log ${output}
|
||||
Should Be Equal As Integers ${rc} 0
|
||||
|
||||
${rc} ${output}= Run And Return Rc And Output curl -u admin:Harbor12345 -s --insecure -H "Content-Type: application/json" -X GET "https://${ip}/api/repositories/library/tomcat/signatures"
|
||||
Log To Console ${output}
|
||||
Should Be Equal As Integers ${rc} 0
|
||||
#Should Contain ${output} sha256
|
||||
|
||||
Test Case - Ldap Basic Verfication
|
||||
Switch To LDAP
|
||||
Init Chrome Driver
|
||||
@ -64,4 +48,4 @@ Test Case - Ldap Basic Verfication
|
||||
Test Case - Run LDAP Group Related API Test
|
||||
Harbor API Test ./tests/apitests/python/test_ldap_admin_role.py
|
||||
Harbor API Test ./tests/apitests/python/test_user_group.py
|
||||
Harbor API Test ./tests/apitests/python/test_assign_role_to_ldap_group.py
|
||||
Harbor API Test ./tests/apitests/python/test_assign_role_to_ldap_group.py
|
||||
|
@ -1,26 +0,0 @@
|
||||
#!/bin/bash
|
||||
|
||||
#docker pull $3:$4
|
||||
set -x
|
||||
|
||||
IP=$1
|
||||
notaryServerEndpoint=$5
|
||||
tag_src=$6
|
||||
USER=$7
|
||||
PASSHRASE=$8
|
||||
echo $IP
|
||||
|
||||
export DOCKER_CONTENT_TRUST=1
|
||||
export DOCKER_CONTENT_TRUST_SERVER=https://$notaryServerEndpoint
|
||||
|
||||
export NOTARY_ROOT_PASSPHRASE=$PASSHRASE
|
||||
export NOTARY_TARGETS_PASSPHRASE=$PASSHRASE
|
||||
export NOTARY_SNAPSHOT_PASSPHRASE=$PASSHRASE
|
||||
export DOCKER_CONTENT_TRUST_ROOT_PASSPHRASE=$PASSHRASE
|
||||
export DOCKER_CONTENT_TRUST_REPOSITORY_PASSPHRASE=$PASSHRASE
|
||||
export DOCKER_CONTENT_TRUST_OFFLINE_PASSPHRASE=$PASSHRASE
|
||||
export DOCKER_CONTENT_TRUST_TAGGING_PASSPHRASE=$PASSHRASE
|
||||
|
||||
docker login -u $USER -p $PASSHRASE $IP
|
||||
docker tag $tag_src $IP/$2/$3:$4
|
||||
docker push $IP/$2/$3:$4
|
@ -1,33 +0,0 @@
|
||||
#!/bin/bash
|
||||
|
||||
CMD=$1
|
||||
HOST=$2
|
||||
PROJECT=$3
|
||||
IMAGE=$4
|
||||
TAG=$5
|
||||
NOTARY_SERVER_ENDPOINT=$6
|
||||
USER=$7
|
||||
PWD=$8
|
||||
PASSHRASE=$8
|
||||
|
||||
export DOCKER_CONTENT_TRUST=1
|
||||
|
||||
export NOTARY_ROOT_PASSPHRASE=$PASSHRASE
|
||||
export NOTARY_TARGETS_PASSPHRASE=$PASSHRASE
|
||||
export NOTARY_SNAPSHOT_PASSPHRASE=$PASSHRASE
|
||||
export DOCKER_CONTENT_TRUST_ROOT_PASSPHRASE=$PASSHRASE
|
||||
export DOCKER_CONTENT_TRUST_REPOSITORY_PASSPHRASE=$PASSHRASE
|
||||
export DOCKER_CONTENT_TRUST_OFFLINE_PASSPHRASE=$PASSHRASE
|
||||
export DOCKER_CONTENT_TRUST_TAGGING_PASSPHRASE=$PASSHRASE
|
||||
|
||||
export NOTARY_AUTH=$(echo $USER:$PWD | base64)
|
||||
echo $USER:$PWD
|
||||
|
||||
NOTARY_CMD_OPTIONS="notary -s https://$NOTARY_SERVER_ENDPOINT -d /root/.docker/trust"
|
||||
if [ "$CMD" == "key_rotate" ]; then
|
||||
echo "$NOTARY_CMD_OPTIONS key rotate $HOST/$PROJECT/$IMAGE snapshot -r"
|
||||
$NOTARY_CMD_OPTIONS key rotate $HOST/$PROJECT/$IMAGE snapshot -r
|
||||
elif [ "$CMD" == "remove" ]; then
|
||||
echo "$NOTARY_CMD_OPTIONS remove -p $HOST/$PROJECT/$IMAGE $TAG"
|
||||
$NOTARY_CMD_OPTIONS remove -p $HOST/$PROJECT/$IMAGE $TAG
|
||||
fi
|
@ -1,71 +0,0 @@
|
||||
# Copyright Project Harbor Authors
|
||||
#
|
||||
# Licensed under the Apache License, Version 2.0 (the "License");
|
||||
# you may not use this file except in compliance with the License.
|
||||
# You may obtain a copy of the License at
|
||||
#
|
||||
# http://www.apache.org/licenses/LICENSE-2.0
|
||||
#
|
||||
# Unless required by applicable law or agreed to in writing, software
|
||||
# distributed under the License is distributed on an "AS IS" BASIS,
|
||||
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
|
||||
# See the License for the specific language governing permissions and
|
||||
# limitations under the License
|
||||
|
||||
*** Settings ***
|
||||
Documentation Harbor BATs
|
||||
Resource ../../resources/Util.robot
|
||||
Default Tags Nightly
|
||||
|
||||
*** Variables ***
|
||||
${HARBOR_URL} https://${ip}
|
||||
${SSH_USER} root
|
||||
${HARBOR_ADMIN} admin
|
||||
|
||||
*** Test Cases ***
|
||||
Test Case - Project Level Policy Notary Deployment security
|
||||
Init Chrome Driver
|
||||
${d}= Get Current Date result_format=%m%s
|
||||
Sign In Harbor ${HARBOR_URL} ${HARBOR_ADMIN} ${HARBOR_PASSWORD}
|
||||
Create An New Project And Go Into Project project${d}
|
||||
Push Image ${ip} ${HARBOR_ADMIN} ${HARBOR_PASSWORD} project${d} hello-world:latest
|
||||
Go Into Project project${d}
|
||||
Goto Project Config
|
||||
Click Notary Deployment Security
|
||||
Save Project Config
|
||||
# Verify
|
||||
# Unsigned image can not be pulled
|
||||
Content Notary Deployment security Be Selected
|
||||
Cannot Pull Image ${ip} ${HARBOR_ADMIN} ${HARBOR_PASSWORD} project${d} hello-world:latest err_msg=The image is not signed in Notary
|
||||
# Signed image can be pulled
|
||||
Body Of Admin Push Signed Image project${d} redis latest ${HARBOR_ADMIN} ${HARBOR_PASSWORD}
|
||||
Pull image ${ip} ${HARBOR_ADMIN} ${HARBOR_PASSWORD} project${d} redis tag=latest
|
||||
Close Browser
|
||||
|
||||
Test Case - Admin Push Signed Image
|
||||
[tags] sign_image
|
||||
Body Of Push Signed Image
|
||||
|
||||
Test Case - Admin Push Signed Image And Remove Signature
|
||||
[tags] rm_signature
|
||||
Init Chrome Driver
|
||||
${d}= Get Current Date result_format=%m%s
|
||||
${user}= Set Variable user012
|
||||
${pwd}= Set Variable Test1@34
|
||||
Sign In Harbor ${HARBOR_URL} ${user} ${pwd}
|
||||
Create An New Project And Go Into Project project${d}
|
||||
Body Of Admin Push Signed Image project${d} alpine latest ${user} ${pwd} with_remove=${true}
|
||||
Body Of Admin Push Signed Image project${d} busybox latest ${HARBOR_ADMIN} ${HARBOR_PASSWORD} with_remove=${true}
|
||||
|
||||
Test Case - Key Rotate
|
||||
[tags] key_rotate
|
||||
Init Chrome Driver
|
||||
${d}= Get Current Date result_format=%m%s
|
||||
${user}= Set Variable user012
|
||||
${pwd}= Set Variable Test1@34
|
||||
Sign In Harbor ${HARBOR_URL} ${user} ${pwd}
|
||||
Create An New Project And Go Into Project project${d}
|
||||
Body Of Admin Push Signed Image project${d} busybox latest ${user} ${pwd}
|
||||
Notary Key Rotate ${ip} project${d} busybox latest ${user} ${pwd}
|
||||
Body Of Admin Push Signed Image project${d} alpine latest ${HARBOR_ADMIN} ${HARBOR_PASSWORD}
|
||||
Notary Key Rotate ${ip} project${d} alpine latest ${HARBOR_ADMIN} ${HARBOR_PASSWORD}
|
@ -633,181 +633,6 @@ Test Case - Enable Replication Of Cosign Deployment Security Policy
|
||||
Retry Double Keywords When Error Click Index Achieve ${index_tag} Should Be Signed By Cosign ${image2_short_sha256}
|
||||
Close Browser
|
||||
|
||||
Test Case - Enable Replication Of Notary Deployment Security Policy
|
||||
Init Chrome Driver
|
||||
${d}= Get Current Date result_format=%m%s
|
||||
${image1}= Set Variable hello-world
|
||||
${tag1}= Set Variable latest
|
||||
${image2}= Set Variable busybox
|
||||
${tag2}= Set Variable latest
|
||||
|
||||
Sign In Harbor https://${ip1} ${HARBOR_ADMIN} ${HARBOR_PASSWORD}
|
||||
Create An New Project And Go Into Project project_push_dest${d}
|
||||
Create An New Project And Go Into Project project_pull_dest${d}
|
||||
Switch To Registries
|
||||
Create A New Endpoint harbor e${d} https://${ip} ${HARBOR_ADMIN} ${HARBOR_PASSWORD}
|
||||
Switch To Replication Manage
|
||||
Create A Rule With Existing Endpoint rule_pull_${d} pull project${d}/* image e${d} project_pull_dest${d}
|
||||
Logout Harbor
|
||||
|
||||
Sign In Harbor ${HARBOR_URL} ${HARBOR_ADMIN} ${HARBOR_PASSWORD}
|
||||
Create An New Project And Go Into Project project${d}
|
||||
# push images
|
||||
Push Image ${ip} ${HARBOR_ADMIN} ${HARBOR_PASSWORD} project${d} ${image1}:${tag1}
|
||||
Push Image ${ip} ${HARBOR_ADMIN} ${HARBOR_PASSWORD} project${d} ${image2}:${tag2}
|
||||
# enable notary deployment security policy
|
||||
Goto Project Config
|
||||
Click Notary Deployment Security
|
||||
Save Project Config
|
||||
Content Notary Deployment security Be Selected
|
||||
# push mode replication should fail
|
||||
Switch To Registries
|
||||
Create A New Endpoint harbor e${d} https://${ip1} ${HARBOR_ADMIN} ${HARBOR_PASSWORD}
|
||||
Switch To Replication Manage
|
||||
Create A Rule With Existing Endpoint rule_push_${d} push project${d}/* image e${d} project_push_dest${d}
|
||||
Select Rule And Replicate rule_push_${d}
|
||||
Check Latest Replication Job Status Failed
|
||||
# pull mode replication should fail
|
||||
Logout Harbor
|
||||
Sign In Harbor https://${ip1} ${HARBOR_ADMIN} ${HARBOR_PASSWORD}
|
||||
Switch To Replication Manage
|
||||
Select Rule And Replicate rule_pull_${d}
|
||||
Check Latest Replication Job Status Failed
|
||||
# sign
|
||||
Body Of Admin Push Signed Image project${d} ${image1} ${tag1} ${HARBOR_ADMIN} ${HARBOR_PASSWORD}
|
||||
Body Of Admin Push Signed Image project${d} ${image2} ${tag2} ${HARBOR_ADMIN} ${HARBOR_PASSWORD}
|
||||
# push mode replication should success
|
||||
Logout Harbor
|
||||
Sign In Harbor https://${ip} ${HARBOR_ADMIN} ${HARBOR_PASSWORD}
|
||||
Switch To Replication Manage
|
||||
Select Rule And Replicate rule_push_${d}
|
||||
Check Latest Replication Job Status Succeeded
|
||||
# pull mode replication should success
|
||||
Logout Harbor
|
||||
Sign In Harbor https://${ip1} ${HARBOR_ADMIN} ${HARBOR_PASSWORD}
|
||||
Switch To Replication Manage
|
||||
Select Rule And Replicate rule_pull_${d}
|
||||
Check Latest Replication Job Status Succeeded
|
||||
# check project_pull_dest
|
||||
Go Into Project project_pull_dest${d}
|
||||
Switch To Project Repo
|
||||
Repo Exist project_pull_dest${d} ${image1}
|
||||
Repo Exist project_pull_dest${d} ${image2}
|
||||
# check project_push_dest
|
||||
Go Into Project project_push_dest${d}
|
||||
Switch To Project Repo
|
||||
Repo Exist project_push_dest${d} ${image1}
|
||||
Repo Exist project_push_dest${d} ${image2}
|
||||
Close Browser
|
||||
|
||||
Test Case - Enable Replication Of Cosign And Notary Deployment Security Policy
|
||||
Init Chrome Driver
|
||||
${d}= Get Current Date result_format=%m%s
|
||||
${image1}= Set Variable hello-world
|
||||
${tag1}= Set Variable latest
|
||||
${image2}= Set Variable busybox
|
||||
${tag2}= Set Variable latest
|
||||
|
||||
Sign In Harbor https://${ip1} ${HARBOR_ADMIN} ${HARBOR_PASSWORD}
|
||||
Create An New Project And Go Into Project project_push_dest${d}
|
||||
Create An New Project And Go Into Project project_pull_dest${d}
|
||||
Switch To Registries
|
||||
Create A New Endpoint harbor e${d} https://${ip} ${HARBOR_ADMIN} ${HARBOR_PASSWORD}
|
||||
Switch To Replication Manage
|
||||
Create A Rule With Existing Endpoint rule_pull_${d} pull project${d}/* image e${d} project_pull_dest${d}
|
||||
Logout Harbor
|
||||
|
||||
Sign In Harbor ${HARBOR_URL} ${HARBOR_ADMIN} ${HARBOR_PASSWORD}
|
||||
Create An New Project And Go Into Project project${d}
|
||||
# push images
|
||||
Push Image ${ip} ${HARBOR_ADMIN} ${HARBOR_PASSWORD} project${d} ${image1}:${tag1}
|
||||
Push Image ${ip} ${HARBOR_ADMIN} ${HARBOR_PASSWORD} project${d} ${image2}:${tag2}
|
||||
# enable cosign deployment security policy
|
||||
Goto Project Config
|
||||
Click Cosign Deployment Security
|
||||
Save Project Config
|
||||
Content Cosign Deployment security Be Selected
|
||||
# enable notary deployment security policy
|
||||
Goto Project Config
|
||||
Click Notary Deployment Security
|
||||
Save Project Config
|
||||
Content Notary Deployment security Be Selected
|
||||
# cosign sign
|
||||
Cosign Generate Key Pair
|
||||
Docker Login ${ip} ${HARBOR_ADMIN} ${HARBOR_PASSWORD}
|
||||
Cosign Sign ${ip}/project${d}/${image1}:${tag1}
|
||||
Cosign Sign ${ip}/project${d}/${image2}:${tag2}
|
||||
Docker Logout ${ip}
|
||||
# push mode replication should fail
|
||||
Switch To Registries
|
||||
Create A New Endpoint harbor e${d} https://${ip1} ${HARBOR_ADMIN} ${HARBOR_PASSWORD}
|
||||
Switch To Replication Manage
|
||||
Create A Rule With Existing Endpoint rule_push_${d} push project${d}/* image e${d} project_push_dest${d}
|
||||
Select Rule And Replicate rule_push_${d}
|
||||
Check Latest Replication Job Status Failed
|
||||
# pull mode replication should fail
|
||||
Logout Harbor
|
||||
Sign In Harbor https://${ip1} ${HARBOR_ADMIN} ${HARBOR_PASSWORD}
|
||||
Switch To Replication Manage
|
||||
Select Rule And Replicate rule_pull_${d}
|
||||
Check Latest Replication Job Status Failed
|
||||
# notary sign
|
||||
Body Of Admin Push Signed Image project${d} ${image1} ${tag1} ${HARBOR_ADMIN} ${HARBOR_PASSWORD}
|
||||
Body Of Admin Push Signed Image project${d} ${image2} ${tag2} ${HARBOR_ADMIN} ${HARBOR_PASSWORD}
|
||||
# delete cosign accessory
|
||||
Logout Harbor
|
||||
Sign In Harbor https://${ip} ${HARBOR_ADMIN} ${HARBOR_PASSWORD}
|
||||
Go Into Project project${d}
|
||||
Go Into Repo project${d}/${image1}
|
||||
Retry Double Keywords When Error Delete Accessory ${tag1} Should be Accessory deleted ${tag1}
|
||||
Back Project Home project${d}
|
||||
Go Into Repo project${d}/${image2}
|
||||
Retry Double Keywords When Error Delete Accessory ${tag2} Should be Accessory deleted ${tag2}
|
||||
# push mode replication should fail
|
||||
Switch To Replication Manage
|
||||
Select Rule And Replicate rule_push_${d}
|
||||
Check Latest Replication Job Status Failed
|
||||
# pull mode replication should fail
|
||||
Logout Harbor
|
||||
Sign In Harbor https://${ip1} ${HARBOR_ADMIN} ${HARBOR_PASSWORD}
|
||||
Switch To Replication Manage
|
||||
Select Rule And Replicate rule_pull_${d}
|
||||
Check Latest Replication Job Status Failed
|
||||
# cosign sign
|
||||
Docker Login ${ip} ${HARBOR_ADMIN} ${HARBOR_PASSWORD}
|
||||
Cosign Sign ${ip}/project${d}/${image1}:${tag1}
|
||||
Cosign Sign ${ip}/project${d}/${image2}:${tag2}
|
||||
Docker Logout ${ip}
|
||||
# push mode replication should success
|
||||
Logout Harbor
|
||||
Sign In Harbor https://${ip} ${HARBOR_ADMIN} ${HARBOR_PASSWORD}
|
||||
Switch To Replication Manage
|
||||
Select Rule And Replicate rule_push_${d}
|
||||
Check Latest Replication Job Status Succeeded
|
||||
# pull mode replication should success
|
||||
Logout Harbor
|
||||
Sign In Harbor https://${ip1} ${HARBOR_ADMIN} ${HARBOR_PASSWORD}
|
||||
Switch To Replication Manage
|
||||
Select Rule And Replicate rule_pull_${d}
|
||||
Check Latest Replication Job Status Succeeded
|
||||
# check project_pull_dest
|
||||
Go Into Project project_pull_dest${d}
|
||||
Switch To Project Repo
|
||||
Repo Exist project_pull_dest${d} ${image1}
|
||||
Repo Exist project_pull_dest${d} ${image2}
|
||||
Retry Double Keywords When Error Go Into Repo project_pull_dest${d}/${image1} Should Be Signed By Cosign ${tag1}
|
||||
Back Project Home project_pull_dest${d}
|
||||
Retry Double Keywords When Error Go Into Repo project_pull_dest${d}/${image2} Should Be Signed By Cosign ${tag2}
|
||||
# check project_push_dest
|
||||
Go Into Project project_push_dest${d}
|
||||
Switch To Project Repo
|
||||
Repo Exist project_push_dest${d} ${image1}
|
||||
Repo Exist project_push_dest${d} ${image2}
|
||||
Retry Double Keywords When Error Go Into Repo project_push_dest${d}/${image1} Should Be Signed By Cosign ${tag1}
|
||||
Back Project Home project_push_dest${d}
|
||||
Retry Double Keywords When Error Go Into Repo project_push_dest${d}/${image2} Should Be Signed By Cosign ${tag2}
|
||||
Close Browser
|
||||
|
||||
Test Case - Carvel Imgpkg Copy To Harbor
|
||||
[Tags] imgpkg_copy
|
||||
Init Chrome Driver
|
||||
|
@ -29,7 +29,3 @@ Test Case - Manage project publicity
|
||||
Test Case - Scan A Tag In The Repo
|
||||
[Tags] trivy
|
||||
Body Of Scan A Tag In The Repo vmware/photon 1.0
|
||||
|
||||
Test Case - Admin Push Signed Image
|
||||
[tags] sign_image
|
||||
Body Of Push Signed Image
|
||||
|
@ -495,9 +495,6 @@ class HarborAPI:
|
||||
}
|
||||
],
|
||||
"event_types":[
|
||||
"downloadChart",
|
||||
"deleteChart",
|
||||
"uploadChart",
|
||||
"deleteImage",
|
||||
"pullImage",
|
||||
"pushImage",
|
||||
@ -522,9 +519,6 @@ class HarborAPI:
|
||||
"DELETE_ARTIFACT",
|
||||
"PULL_ARTIFACT",
|
||||
"PUSH_ARTIFACT",
|
||||
"DELETE_CHART",
|
||||
"DOWNLOAD_CHART",
|
||||
"UPLOAD_CHART",
|
||||
"QUOTA_EXCEED",
|
||||
"QUOTA_WARNING",
|
||||
"REPLICATION",
|
||||
@ -621,10 +615,6 @@ def push_image(image, project):
|
||||
os.system("docker login "+args.endpoint+" -u admin"+" -p Harbor12345")
|
||||
os.system("docker push "+args.endpoint+"/"+project+"/library/"+image)
|
||||
|
||||
def push_signed_image(image, project, tag):
|
||||
print("LOCAL_REGISTRY:{} LOCAL_REGISTRY_NAMESPACE:{}".format(args.LOCAL_REGISTRY, args.LOCAL_REGISTRY_NAMESPACE))
|
||||
os.system("./sign_image.sh" + " " + args.endpoint + " " + project + " " + image + " " + tag + " " + args.LOCAL_REGISTRY + " " + args.LOCAL_REGISTRY_NAMESPACE)
|
||||
|
||||
@get_feature_branch
|
||||
def set_url(**kwargs):
|
||||
global url
|
||||
@ -653,14 +643,11 @@ def do_data_creation():
|
||||
harborAPI.add_distribution(distribution, version=args.version)
|
||||
|
||||
harborAPI.populate_projects("projects", version=args.version)
|
||||
harborAPI.populate_projects("notary_projects", create_project_only=True, version=args.version)
|
||||
harborAPI.populate_quotas(version=args.version)
|
||||
|
||||
harborAPI.push_artifact_index(data["projects"][0]["name"], data["projects"][0]["artifact_index"]["name"], data["projects"][0]["artifact_index"]["tag"], version=args.version)
|
||||
#pull_image("busybox", "redis", "haproxy", "alpine", "httpd:2")
|
||||
push_self_build_image_to_project(data["projects"][0]["name"], args.endpoint, 'admin', 'Harbor12345', "busybox", "latest")
|
||||
for project in data["notary_projects"]:
|
||||
push_signed_image("alpine", project["name"], "latest")
|
||||
|
||||
for replicationrule in data["replicationrule"]:
|
||||
harborAPI.add_replication_rule(replicationrule, version=args.version)
|
||||
|
@ -1,35 +0,0 @@
|
||||
#!/bin/bash
|
||||
set -x
|
||||
set -e
|
||||
|
||||
echo "registry:"$5
|
||||
echo "repo:"$6
|
||||
docker pull $5/$6/$3:$4
|
||||
|
||||
IP=$1
|
||||
PASSHRASE='Harbor12345'
|
||||
|
||||
echo $IP
|
||||
|
||||
mkdir -p /etc/docker/certs.d/$IP/
|
||||
mkdir -p ~/.docker/tls/$IP:4443/
|
||||
|
||||
cp /harbor/ca/ca.crt /etc/docker/certs.d/$IP/
|
||||
cp /harbor/ca/ca.crt ~/.docker/tls/$IP:4443/
|
||||
|
||||
export DOCKER_CONTENT_TRUST=1
|
||||
export DOCKER_CONTENT_TRUST_SERVER=https://$IP:4443
|
||||
|
||||
export NOTARY_ROOT_PASSPHRASE=$PASSHRASE
|
||||
export NOTARY_TARGETS_PASSPHRASE=$PASSHRASE
|
||||
export NOTARY_SNAPSHOT_PASSPHRASE=$PASSHRASE
|
||||
export DOCKER_CONTENT_TRUST_ROOT_PASSPHRASE=$PASSHRASE
|
||||
export DOCKER_CONTENT_TRUST_REPOSITORY_PASSPHRASE=$PASSHRASE
|
||||
export DOCKER_CONTENT_TRUST_OFFLINE_PASSPHRASE=$PASSHRASE
|
||||
export DOCKER_CONTENT_TRUST_TAGGING_PASSPHRASE=$PASSHRASE
|
||||
|
||||
docker login -u admin -p Harbor12345 $IP
|
||||
docker tag $5/$6/$3:$4 $IP/$2/$3:$4
|
||||
docker push $IP/$2/$3:$4
|
||||
rm -rf /key_store/*
|
||||
umask 077; tar -zcvf /key_store/private_keys_backup.tar.gz ~/.docker/trust/private; umask 022
|
@ -88,7 +88,6 @@ Test Case - Upgrade Verify
|
||||
Run Keyword Verify Trivy Is Default Scanner
|
||||
Run Keyword Verify Artifact Index ${data}
|
||||
Run Keyword Verify Quotas Display ${data}
|
||||
Run Keyword Verify Re-sign Image ${data}
|
||||
|
||||
Test Case - Upgrade Verify
|
||||
[Tags] 2.1-latest
|
||||
@ -116,4 +115,3 @@ Test Case - Upgrade Verify
|
||||
Run Keyword Verify Distributions ${data}
|
||||
Run Keyword Verify P2P Preheat Policy ${data}
|
||||
Run Keyword Verify Quotas Display ${data}
|
||||
Run Keyword Verify Re-sign Image ${data}
|
||||
|
Loading…
Reference in New Issue
Block a user