Upstream/harbor
1
0
Fork 0
mirror of https://github.com/goharbor/harbor.git synced 2024-11-22 10:15:35 +01:00
Code Issues Projects Releases Wiki Activity

Remove notary test cases (#18620)

Browse Source 
Fix #17955

Signed-off-by: Yang Jiao <jiaoya@vmware.com>
This commit is contained in:
Yang Jiao 2023-04-28 16:09:40 +08:00 committed by GitHub
parent 010042fb92
commit c09e539027
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23
25 changed files with 23 additions and 619 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

15
tests/apitests/python/library/sign.py
View File

@ -1,15 +0,0 @@
# -*- coding: utf-8 -*-
import subprocess
from testutils import notary_url, BASE_IMAGE_ABS_PATH_NAME
from docker_api import docker_load_image, docker_image_clean_all
def sign_image(registry_ip, project_name, image, tag):
docker_load_image(BASE_IMAGE_ABS_PATH_NAME)
try:
ret = subprocess.check_output(["./tests/apitests/python/sign_image.sh", registry_ip, project_name, image, tag, notary_url], shell=False)
print("sign_image return: ", ret)
except subprocess.CalledProcessError as e:
raise Exception("Failed to sign image error is {} {}.".format(e.returncode, e.output))
finally:
docker_image_clean_all()

25
tests/apitests/python/sign_image.sh
View File

@ -1,25 +0,0 @@
#!/bin/sh
IP=$1
NOTARY_URL=$5
PASSHRASE='Harbor12345'
IMAGE=$IP/$2/$3:$4
echo $IP
export DOCKER_CONTENT_TRUST=1
export DOCKER_CONTENT_TRUST_SERVER=$NOTARY_URL
export NOTARY_ROOT_PASSPHRASE=$PASSHRASE
export NOTARY_TARGETS_PASSPHRASE=$PASSHRASE
export NOTARY_SNAPSHOT_PASSPHRASE=$PASSHRASE
export DOCKER_CONTENT_TRUST_ROOT_PASSPHRASE=$PASSHRASE
export DOCKER_CONTENT_TRUST_REPOSITORY_PASSPHRASE=$PASSHRASE
export DOCKER_CONTENT_TRUST_OFFLINE_PASSPHRASE=$PASSHRASE
export DOCKER_CONTENT_TRUST_TAGGING_PASSPHRASE=$PASSHRASE
docker login -u admin -p Harbor12345 $IP
docker tag $3:$4 $IMAGE
docker push $IMAGE
docker rmi -f $IMAGE

8
tests/apitests/python/test_project_level_policy_content_trust.py
View File

@ -45,7 +45,7 @@ class TestProjects(unittest.TestCase):
4. Image(IA) should exist;
5. Pull image(IA) successfully;
6. Enable content trust in project(PA) configuration;
7. Pull image(IA) failed and the reason is "The image is not signed in Notary".
7. Pull image(IA) failed and the reason is "The image is not signed in Cosign".
Tear down:
1. Delete repository(RA) by user(UA);
2. Delete project(PA);
@ -76,15 +76,15 @@ class TestProjects(unittest.TestCase):
self.project.get_project(TestProjects.project_content_trust_id)
#6. Enable content trust in project(PA) configuration;
self.project.update_project(TestProjects.project_content_trust_id, metadata = {"enable_content_trust": "true"}, **TestProjects.USER_CONTENT_TRUST_CLIENT)
self.project.update_project(TestProjects.project_content_trust_id, metadata = {"enable_content_trust_cosign": "true"}, **TestProjects.USER_CONTENT_TRUST_CLIENT)
self.project.get_project(TestProjects.project_content_trust_id)
#7. Pull image(IA) failed and the reason is "The image is not signed in Notary".
#7. Pull image(IA) failed and the reason is "The image is not signed in Cosign".
docker_image_clean_all()
restart_process("containerd")
restart_process("dockerd")
time.sleep(30)
pull_harbor_image(harbor_server, ADMIN_CLIENT["username"], ADMIN_CLIENT["password"], TestProjects.repo_name, tag, expected_error_message = "The image is not signed in Notary")
pull_harbor_image(harbor_server, ADMIN_CLIENT["username"], ADMIN_CLIENT["password"], TestProjects.repo_name, tag, expected_error_message = "The image is not signed in Cosign")
if __name__ == '__main__':
unittest.main()

6
tests/apitests/python/test_push_files_by_oras.py
View File

@ -1,12 +1,10 @@
from __future__ import absolute_import
import unittest
import urllib
from testutils import ADMIN_CLIENT, suppress_urllib3_warning
from testutils import harbor_server
from testutils import TEARDOWN
import library.oras
from library.sign import sign_image
from library.user import User
from library.project import Project
from library.repository import Repository
@ -26,7 +24,7 @@ class TestProjects(unittest.TestCase):
@unittest.skipIf(TEARDOWN == False, "Test data won't be erased.")
def tearDown(self):
#1. Delete user(UA);
self.user.delete_user(TestProjects.user_sign_image_id, **ADMIN_CLIENT)
self.user.delete_user(TestProjects.user_id, **ADMIN_CLIENT)
def testOrasCli(self):
"""
@ -47,7 +45,7 @@ class TestProjects(unittest.TestCase):
user_001_password = "Aa123456"
#1. Create user-001
TestProjects.user_sign_image_id, user_name = self.user.create_user(user_password = user_001_password, **ADMIN_CLIENT)
TestProjects.user_id, user_name = self.user.create_user(user_password = user_001_password, **ADMIN_CLIENT)
TestProjects.USER_CLIENT=dict(with_signature = True, endpoint = url, username = user_name, password = user_001_password)

1
tests/apitests/python/test_push_image_with_special_name.py
View File

@ -5,7 +5,6 @@ import urllib
from testutils import ADMIN_CLIENT, suppress_urllib3_warning
from testutils import harbor_server
from testutils import TEARDOWN
from library.sign import sign_image
from library.artifact import Artifact
from library.project import Project
from library.user import User

4
tests/apitests/python/test_scan_image_artifact.py
View File

@ -11,7 +11,6 @@ from library.repository import Repository
from library.repository import push_self_build_image_to_project
from library.artifact import Artifact
from library.scan import Scan
from library.sign import sign_image
class TestScan(unittest.TestCase):
@suppress_urllib3_warning
@ -105,8 +104,7 @@ class TestScan(unittest.TestCase):
image = BASE_IMAGE['name']
tag = BASE_IMAGE['tag']
#5. Create a new repository(RA) and tag(TA) in project(PA) by user(UA);
# Push base image in function sign_image.
sign_image(harbor_server, self.project_name, image, tag)
push_self_build_image_to_project(self.project_name, harbor_server, self.user_name, self.user_password, image, tag)
#6. Send scan image command and get tag(TA) information to check scan result, it should be finished;
self.scan.scan_artifact(self.project_name, image, tag, **self.USER_CLIENT)

87
tests/apitests/python/test_sign_image.py
View File

@ -1,87 +0,0 @@
from __future__ import absolute_import
import unittest
from testutils import ADMIN_CLIENT, suppress_urllib3_warning
from testutils import harbor_server
from testutils import TEARDOWN
from library.sign import sign_image
from library.artifact import Artifact
from library.project import Project
from library.user import User
from library.repository import Repository
from library.repository import push_special_image_to_project
class TestProjects(unittest.TestCase):
@suppress_urllib3_warning
def setUp(self):
self.project = Project()
self.user = User()
self.artifact = Artifact()
self.repo = Repository()
self.repo_name_1 = "test1_sign"
@unittest.skipIf(TEARDOWN == False, "Test data won't be erased.")
def tearDown(self):
# remove the deletion as the signed image cannot be deleted.
#1. Delete repository(RA) by user(UA);
#self.repo.delete_repository(TestProjects.project_sign_image_name, TestProjects.repo_name.split('/')[1], **TestProjects.USER_sign_image_CLIENT)
#2. Delete project(PA);
#self.project.delete_project(TestProjects.project_sign_image_id, **TestProjects.USER_sign_image_CLIENT)
#3. Delete user(UA);
self.user.delete_user(TestProjects.user_sign_image_id, **ADMIN_CLIENT)
def testSignImage(self):
"""
Test case:
Sign A Image
Test step and expected result:
1. Create a new user(UA);
2. Create a new private project(PA) by user(UA);
3. Add user(UA) as a member of project(PA) with project-admin role;
4. Get private project of user(UA), user(UA) can see only one private project which is project(PA);
5. Create a new repository(RA) and tag(TA) in project(PA) by user(UA);
6. Sign image with tag(TA) which was tagged by step #5;
7. Get signature of image with tag(TA), it should be exist.
Tear down:
NA
"""
url = ADMIN_CLIENT["endpoint"]
user_001_password = "Aa123456"
#1. Create user-001
TestProjects.user_sign_image_id, user_sign_image_name = self.user.create_user(user_password = user_001_password, **ADMIN_CLIENT)
TestProjects.USER_sign_image_CLIENT=dict(with_signature = True, endpoint = url, username = user_sign_image_name, password = user_001_password)
#2. Create a new private project(PA) by user(UA);
TestProjects.project_sign_image_id, TestProjects.project_sign_image_name = self.project.create_project(metadata = {"public": "false"}, **ADMIN_CLIENT)
#3. Add user(UA) as a member of project(PA) with project-admin role;
self.project.add_project_members(TestProjects.project_sign_image_id, user_id=TestProjects.user_sign_image_id, **ADMIN_CLIENT)
#4. Get private project of user(UA), user(UA) can see only one private project which is project(PA);
self.project.projects_should_exist(dict(public=False), expected_count = 1,
expected_project_id = TestProjects.project_sign_image_id, **TestProjects.USER_sign_image_CLIENT)
#Note:busybox is pulled in setup phase, and setup is a essential phase.
image = "busybox"
tag = "latest"
#5. Create a new repository(RA) and tag(TA) in project(PA) by user(UA);
#TestProjects.repo_name, tag = push_self_build_image_to_project(TestProjects.project_sign_image_name, harbor_server, user_sign_image_name, user_001_password, image, src_tag)
#6. Sign image with tag(TA) which was tagged by step #5;
sign_image(harbor_server, TestProjects.project_sign_image_name, image, tag)
#7. Get signature of image with tag(TA), it should be exist.
artifact = self.artifact.get_reference_info(TestProjects.project_sign_image_name, image, tag, **TestProjects.USER_sign_image_CLIENT)
self.assertEqual(artifact.tags[0].signed, True)
push_special_image_to_project(TestProjects.project_sign_image_name, harbor_server, user_sign_image_name, user_001_password, self.repo_name_1, ['1.0'])
self.repo.delete_repository(TestProjects.project_sign_image_name, self.repo_name_1, **TestProjects.USER_sign_image_CLIENT)
self.repo.delete_repository(TestProjects.project_sign_image_name, image, expect_status_code=412, expect_response_body = "with signature cannot be deleted", **TestProjects.USER_sign_image_CLIENT)
if __name__ == '__main__':
unittest.main()

1
tests/apitests/python/testutils.py
View File

@ -27,7 +27,6 @@ ADMIN_CLIENT=dict(endpoint = os.environ.get("HARBOR_HOST_SCHEMA", "https")+ "://
CHART_API_CLIENT=dict(endpoint = os.environ.get("HARBOR_HOST_SCHEMA", "https")+ "://"+harbor_server+"/api", username = admin_user, password = admin_pwd)
USER_ROLE=dict(admin=0,normal=1)
TEARDOWN = os.environ.get('TEARDOWN', 'true').lower() in ('true', 'yes')
notary_url = os.environ.get('NOTARY_URL', 'https://'+harbor_server+':4443')
DOCKER_USER = os.environ.get('DOCKER_USER', '')
DOCKER_PWD = os.environ.get('DOCKER_PWD', '')
METRIC_URL = os.environ.get('METRIC_URL', 'http://'+harbor_server+':9090')

19
tests/notarytest.sh
View File

@ -1,19 +0,0 @@
#!/bin/sh
set -e
TIMEOUT=10
while [ $TIMEOUT -gt 0 ]; do
STATUS=$(curl -s -o /dev/null -w '%{http_code}' https://127.0.0.1:4443/v2/ -kv)
if [ $STATUS -eq 401 ]; then
echo "Notary is running success."
break
fi
TIMEOUT=$(($TIMEOUT - 1))
sleep 5
done
if [ $TIMEOUT -eq 0 ]; then
echo "Notary is running fail."
exit 1
fi

7
tests/resources/Harbor-Pages/Project-Config.robot
View File

@ -17,10 +17,6 @@ Click Project Public
Mouse Down //hbr-project-policy-config//input[@name='public']
Mouse Up //hbr-project-policy-config//input[@name='public']
Click Notary Deployment Security
Mouse Down //input[@id='content-trust']
Mouse Up //input[@id='content-trust']
Click Cosign Deployment Security
Mouse Down //input[@id='content-trust-cosign']
Mouse Up //input[@id='content-trust-cosign']
@ -50,9 +46,6 @@ Project Should Be Public
[Arguments] ${projectName}
Retry Wait Until Page Contains Element //clr-dg-row[contains(.,'${projectName}')]//clr-dg-cell[contains(.,'Public')]
Content Notary Deployment security Be Selected
Checkbox Should Be Selected //input[@id='content-trust']
Content Cosign Deployment security Be Selected
Checkbox Should Be Selected //input[@id='content-trust-cosign']

6
tests/resources/Harbor-Pages/Project.robot
View File

@ -382,10 +382,6 @@ Should Be Signed By Cosign
[Arguments] ${tag}
Retry Wait Element Visible //clr-dg-row[contains(.,'${tag}')]//clr-icon[contains(@class,'signed')]
Should Be Signed By Notary
[Arguments] ${tag}
Retry Wait Element Visible //clr-dg-row[contains(.,'${tag}')]//clr-icon[contains(@class,'color-green')]
Delete Accessory
[Arguments] ${tag}
Retry Button Click //clr-dg-row[contains(.,'${tag}')]//button[contains(@class,'datagrid-expandable-caret-button')]
@ -420,4 +416,4 @@ Download Latest CVE CSV File
${csv_file_path}= Set Variable ${download_directory}/${csv_file_name}.csv
Retry Double Keywords When Error Retry Element Click ${latest_download_cve_csv_file_xpath} Retry Wait Until Page Does Not Contains ${csv_file_name}
Retry File Should Exist ${csv_file_path}
[Return] ${csv_file_path}
[Return] ${csv_file_path}

9
tests/resources/Harbor-Pages/Verify.robot
View File

@ -557,12 +557,3 @@ Verify Quotas Display
Should Match Regexp ${storage_quota_ret} ${str_expected}
END
Close Browser
Verify Re-sign Image
[Arguments] ${json}
Log To Console "Verify Quotas Display..."
@{project}= Get Value From Json ${json} $.notary_projects.[*].name
FOR ${project} IN @{project}
Body Of Admin Push Signed Image ${project} alpine new_tag ${HARBOR_ADMIN} ${HARBOR_PASSWORD} clear_trust_dir=${false}
END

42
tests/resources/Harbor-Util.robot
View File

@ -38,35 +38,35 @@ Install Harbor to Test Server
Generate Certificate Authority For Chrome
Up Harbor
[Arguments] ${with_notary}=true
${rc} ${output}= Run And Return Rc And Output make start -e NOTARYFLAG=${with_notary}
[Arguments]
${rc} ${output}= Run And Return Rc And Output make start
Log ${rc}
Log ${output}
Should Be Equal As Integers ${rc} 0
Down Harbor
[Arguments] ${with_notary}=true
${rc} ${output}= Run And Return Rc And Output echo "Y" | make down -e NOTARYFLAG=${with_notary}
[Arguments]
${rc} ${output}= Run And Return Rc And Output echo "Y" | make down
Log ${rc}
Log ${output}
Should Be Equal As Integers ${rc} 0
Package Harbor Offline
[Arguments] ${with_notary}=true ${with_trivy}=true
[Arguments] ${with_trivy}=true
Log To Console \nStart Docker Daemon
Start Docker Daemon Locally
Log To Console make package_offline GOBUILDTAGS="include_oss include_gcs" BASEIMAGETAG=%{Harbor_Build_Base_Tag} NPM_REGISTRY=%{NPM_REGISTRY} VERSIONTAG=%{Harbor_Assets_Version} PKGVERSIONTAG=%{Harbor_Package_Version} NOTARYFLAG=${with_notary} TRIVYFLAG=${with_trivy} HTTPPROXY=
${rc} ${output}= Run And Return Rc And Output make package_offline GOBUILDTAGS="include_oss include_gcs" BASEIMAGETAG=%{Harbor_Build_Base_Tag} NPM_REGISTRY=%{NPM_REGISTRY} VERSIONTAG=%{Harbor_Assets_Version} PKGVERSIONTAG=%{Harbor_Package_Version} NOTARYFLAG=${with_notary} TRIVYFLAG=${with_trivy} HTTPPROXY=
Log To Console make package_offline GOBUILDTAGS="include_oss include_gcs" BASEIMAGETAG=%{Harbor_Build_Base_Tag} NPM_REGISTRY=%{NPM_REGISTRY} VERSIONTAG=%{Harbor_Assets_Version} PKGVERSIONTAG=%{Harbor_Package_Version} TRIVYFLAG=${with_trivy} HTTPPROXY=
${rc} ${output}= Run And Return Rc And Output make package_offline GOBUILDTAGS="include_oss include_gcs" BASEIMAGETAG=%{Harbor_Build_Base_Tag} NPM_REGISTRY=%{NPM_REGISTRY} VERSIONTAG=%{Harbor_Assets_Version} PKGVERSIONTAG=%{Harbor_Package_Version} TRIVYFLAG=${with_trivy} HTTPPROXY=
Log To Console ${rc}
Log To Console ${output}
Should Be Equal As Integers ${rc} 0
Package Harbor Online
[Arguments] ${with_notary}=true ${with_trivy}=true
[Arguments] ${with_trivy}=true
Log To Console \nStart Docker Daemon
Start Docker Daemon Locally
Log To Console \nmake package_online GOBUILDTAGS="include_oss include_gcs" VERSIONTAG=%{Harbor_Assets_Version} PKGVERSIONTAG=%{Harbor_Package_Version} NOTARYFLAG=${with_notary} TRIVYFLAG=${with_trivy} HTTPPROXY=
${rc} ${output}= Run And Return Rc And Output make package_online GOBUILDTAGS="include_oss include_gcs" VERSIONTAG=%{Harbor_Assets_Version} PKGVERSIONTAG=%{Harbor_Package_Version} NOTARYFLAG=${with_notary} TRIVYFLAG=${with_trivy} HTTPPROXY=
Log To Console \nmake package_online GOBUILDTAGS="include_oss include_gcs" VERSIONTAG=%{Harbor_Assets_Version} PKGVERSIONTAG=%{Harbor_Package_Version} TRIVYFLAG=${with_trivy} HTTPPROXY=
${rc} ${output}= Run And Return Rc And Output make package_online GOBUILDTAGS="include_oss include_gcs" VERSIONTAG=%{Harbor_Assets_Version} PKGVERSIONTAG=%{Harbor_Package_Version} TRIVYFLAG=${with_trivy} HTTPPROXY=
Log ${rc}
Log ${output}
Should Be Equal As Integers ${rc} 0
@ -103,23 +103,9 @@ Get Harbor CA
Log All ${output}
Should Be Equal As Integers ${rc} 0
Notary Remove Signature
[Arguments] ${ip} ${project} ${image} ${tag} ${user} ${pwd}
${rc} ${output}= Run And Return Rc And Output ./tests/robot-cases/Group0-Util/notary-util.sh remove ${ip} ${project} ${image} ${tag} ${notaryServerEndpoint} ${user} ${pwd}
Log To Console ${output}
Log ${output}
Should Be Equal As Integers ${rc} 0
Notary Key Rotate
[Arguments] ${ip} ${project} ${image} ${tag} ${user} ${pwd}
${rc} ${output}= Run And Return Rc And Output ./tests/robot-cases/Group0-Util/notary-util.sh key_rotate ${ip} ${project} ${image} ${tag} ${notaryServerEndpoint} ${user} ${pwd}
Log To Console ${output}
Log ${output}
Should Be Equal As Integers ${rc} 0
Prepare
[Arguments] ${with_notary}=true
${rc} ${output}= Run And Return Rc And Output make prepare -e NOTARYFLAG=${with_notary}
[Arguments]
${rc} ${output}= Run And Return Rc And Output make prepare
Log ${rc}
Log ${output}
Should Be Equal As Integers ${rc} 0
@ -152,8 +138,8 @@ Prepare Cert
Should Be Equal As Integers ${rc} 0
Compile and Up Harbor With Source Code
[Arguments] ${with_notary}=true
${rc} ${output}= Run And Return Rc And Output make install swagger_client NOTARYFLAG=${with_notary} HTTPPROXY=
[Arguments]
${rc} ${output}= Run And Return Rc And Output make install swagger_client HTTPPROXY=
Log ${output}
Should Be Equal As Integers ${rc} 0
Sleep 20

4
tests/resources/Nightly-Util.robot
View File

@ -54,8 +54,6 @@ Nightly Test Setup In Ubuntu For Upgrade
Prepare Test Tools
Log To Console Start Docker Daemon Locally ...
Run Keyword Start Docker Daemon Locally
#For upgrade pipeline: get notary targets key from last execution.
${rc} ${output}= Run And Return Rc And Output [ -f "/key_store/private_keys_backup.tar.gz" ] && tar -zxvf /key_store/private_keys_backup.tar.gz -C /
CA Setup In ubuntu
[Arguments] ${ip} ${HARBOR_PASSWORD} ${cert}
@ -81,8 +79,6 @@ Collect Logs
SSHLibrary.Get File /var/log/harbor/adminserver.log
SSHLibrary.Get File /var/log/harbor/jobservice.log
SSHLibrary.Get File /var/log/harbor/postgresql.log
SSHLibrary.Get File /var/log/harbor/notary-server.log
SSHLibrary.Get File /var/log/harbor/notary-signer.log
SSHLibrary.Get File /var/log/harbor/registryctl.log
Run rename 's/^/${ip}/' *.log
Close All Connections

27
tests/resources/TestCaseBody.robot
View File

@ -128,33 +128,6 @@ Body Of Scan Image On Push
View Repo Scan Details @{vulnerability_levels}
Close Browser
Body Of Push Signed Image
Init Chrome Driver
${d}= Get Current Date result_format=%m%s
${user}= Set Variable user010
${pwd}= Set Variable Test1@34
Sign In Harbor ${HARBOR_URL} ${user} ${pwd}
Create An New Project And Go Into Project project${d}
Body Of Admin Push Signed Image project${d} tomcat latest ${user} ${pwd}
Body Of Admin Push Signed Image project${d} alpine latest ${HARBOR_ADMIN} ${HARBOR_PASSWORD}
Close Browser
Body Of Admin Push Signed Image
[Arguments] ${project} ${image} ${tag} ${user} ${pwd} ${with_remove}=${false} ${clear_trust_dir}=${true}
Run Keyword If ${clear_trust_dir}==${true} Wait Unitl Command Success rm -rf ~/.docker/
${src_tag}= Set Variable latest
${src_image}= Set Variable ${LOCAL_REGISTRY}/${LOCAL_REGISTRY_NAMESPACE}/${image}:${src_tag}
Docker Pull ${src_image}
Wait Unitl Command Success ./tests/robot-cases/Group0-Util/notary-push-image.sh ${ip} ${project} ${image} ${tag} ${notaryServerEndpoint} ${src_image} ${user} ${pwd}
${rc} ${output}= Run And Return Rc And Output curl -u admin:Harbor12345 -s --insecure -H "Content-Type: application/json" -X GET "https://${ip}/api/v2.0/projects/${project}/repositories/${image}/artifacts/${tag}?with_signature=true"
Log To Console ${output}
Should Be Equal As Integers ${rc} 0
Should Contain ${output} "signed":true
Run Keyword If ${with_remove} == ${true} Notary Remove Signature ${ip} ${project} ${image} ${tag} ${user} ${pwd}
Delete A Project Without Sign In Harbor
[Arguments] ${harbor_ip}=${ip} ${username}=${HARBOR_ADMIN} ${password}=${HARBOR_PASSWORD}
${d}= Get Current Date result_format=%m%s

4
tests/robot-cases/Group0-BAT/API_DB.robot
View File

@ -60,10 +60,6 @@ Test Case - Robot Account
[Tags] robot_account
Harbor API Test ./tests/apitests/python/test_robot_account.py
Test Case - Sign A Image
[Tags] sign_image
Harbor API Test ./tests/apitests/python/test_sign_image.py
Test Case - Project Quota
[Tags] quota
Harbor API Test ./tests/apitests/python/test_project_quota.py

18
tests/robot-cases/Group0-BAT/BAT.robot
View File

@ -35,22 +35,6 @@ Test Case - Registry Basic Verfication
Close Browser
Test Case - Notary Basic Verfication
Enable Notary Client
${rc} ${output}= Run And Return Rc And Output docker pull hello-world:latest
Log ${output}
Push image ${ip} %{HARBOR_ADMIN} %{HARBOR_PASSWORD} library hello-world:latest
${rc} ${output}= Run And Return Rc And Output ./tests/robot-cases/Group0-Util/notary-push-image.sh ${ip} ${notaryServerEndpoint}
Log ${output}
Should Be Equal As Integers ${rc} 0
${rc} ${output}= Run And Return Rc And Output curl -u admin:Harbor12345 -s --insecure -H "Content-Type: application/json" -X GET "https://${ip}/api/repositories/library/tomcat/signatures"
Log To Console ${output}
Should Be Equal As Integers ${rc} 0
#Should Contain ${output} sha256
Test Case - Ldap Basic Verfication
Switch To LDAP
Init Chrome Driver
@ -64,4 +48,4 @@ Test Case - Ldap Basic Verfication
Test Case - Run LDAP Group Related API Test
Harbor API Test ./tests/apitests/python/test_ldap_admin_role.py
Harbor API Test ./tests/apitests/python/test_user_group.py
Harbor API Test ./tests/apitests/python/test_assign_role_to_ldap_group.py
Harbor API Test ./tests/apitests/python/test_assign_role_to_ldap_group.py

26
tests/robot-cases/Group0-Util/notary-push-image.sh
View File

@ -1,26 +0,0 @@
#!/bin/bash
#docker pull $3:$4
set -x
IP=$1
notaryServerEndpoint=$5
tag_src=$6
USER=$7
PASSHRASE=$8
echo $IP
export DOCKER_CONTENT_TRUST=1
export DOCKER_CONTENT_TRUST_SERVER=https://$notaryServerEndpoint
export NOTARY_ROOT_PASSPHRASE=$PASSHRASE
export NOTARY_TARGETS_PASSPHRASE=$PASSHRASE
export NOTARY_SNAPSHOT_PASSPHRASE=$PASSHRASE
export DOCKER_CONTENT_TRUST_ROOT_PASSPHRASE=$PASSHRASE
export DOCKER_CONTENT_TRUST_REPOSITORY_PASSPHRASE=$PASSHRASE
export DOCKER_CONTENT_TRUST_OFFLINE_PASSPHRASE=$PASSHRASE
export DOCKER_CONTENT_TRUST_TAGGING_PASSPHRASE=$PASSHRASE
docker login -u $USER -p $PASSHRASE $IP
docker tag $tag_src $IP/$2/$3:$4
docker push $IP/$2/$3:$4

33
tests/robot-cases/Group0-Util/notary-util.sh
View File

@ -1,33 +0,0 @@
#!/bin/bash
CMD=$1
HOST=$2
PROJECT=$3
IMAGE=$4
TAG=$5
NOTARY_SERVER_ENDPOINT=$6
USER=$7
PWD=$8
PASSHRASE=$8
export DOCKER_CONTENT_TRUST=1
export NOTARY_ROOT_PASSPHRASE=$PASSHRASE
export NOTARY_TARGETS_PASSPHRASE=$PASSHRASE
export NOTARY_SNAPSHOT_PASSPHRASE=$PASSHRASE
export DOCKER_CONTENT_TRUST_ROOT_PASSPHRASE=$PASSHRASE
export DOCKER_CONTENT_TRUST_REPOSITORY_PASSPHRASE=$PASSHRASE
export DOCKER_CONTENT_TRUST_OFFLINE_PASSPHRASE=$PASSHRASE
export DOCKER_CONTENT_TRUST_TAGGING_PASSPHRASE=$PASSHRASE
export NOTARY_AUTH=$(echo $USER:$PWD | base64)
echo $USER:$PWD
NOTARY_CMD_OPTIONS="notary -s https://$NOTARY_SERVER_ENDPOINT -d /root/.docker/trust"
if [ "$CMD" == "key_rotate" ]; then
echo "$NOTARY_CMD_OPTIONS key rotate $HOST/$PROJECT/$IMAGE snapshot -r"
$NOTARY_CMD_OPTIONS key rotate $HOST/$PROJECT/$IMAGE snapshot -r
elif [ "$CMD" == "remove" ]; then
echo "$NOTARY_CMD_OPTIONS remove -p $HOST/$PROJECT/$IMAGE $TAG"
$NOTARY_CMD_OPTIONS remove -p $HOST/$PROJECT/$IMAGE $TAG
fi

71
tests/robot-cases/Group1-Nightly/Notary.robot
View File

@ -1,71 +0,0 @@
# Copyright Project Harbor Authors
#
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
# You may obtain a copy of the License at
#
# http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS,
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
# See the License for the specific language governing permissions and
# limitations under the License
*** Settings ***
Documentation Harbor BATs
Resource ../../resources/Util.robot
Default Tags Nightly
*** Variables ***
${HARBOR_URL} https://${ip}
${SSH_USER} root
${HARBOR_ADMIN} admin
*** Test Cases ***
Test Case - Project Level Policy Notary Deployment security
Init Chrome Driver
${d}= Get Current Date result_format=%m%s
Sign In Harbor ${HARBOR_URL} ${HARBOR_ADMIN} ${HARBOR_PASSWORD}
Create An New Project And Go Into Project project${d}
Push Image ${ip} ${HARBOR_ADMIN} ${HARBOR_PASSWORD} project${d} hello-world:latest
Go Into Project project${d}
Goto Project Config
Click Notary Deployment Security
Save Project Config
# Verify
# Unsigned image can not be pulled
Content Notary Deployment security Be Selected
Cannot Pull Image ${ip} ${HARBOR_ADMIN} ${HARBOR_PASSWORD} project${d} hello-world:latest err_msg=The image is not signed in Notary
# Signed image can be pulled
Body Of Admin Push Signed Image project${d} redis latest ${HARBOR_ADMIN} ${HARBOR_PASSWORD}
Pull image ${ip} ${HARBOR_ADMIN} ${HARBOR_PASSWORD} project${d} redis tag=latest
Close Browser
Test Case - Admin Push Signed Image
[tags] sign_image
Body Of Push Signed Image
Test Case - Admin Push Signed Image And Remove Signature
[tags] rm_signature
Init Chrome Driver
${d}= Get Current Date result_format=%m%s
${user}= Set Variable user012
${pwd}= Set Variable Test1@34
Sign In Harbor ${HARBOR_URL} ${user} ${pwd}
Create An New Project And Go Into Project project${d}
Body Of Admin Push Signed Image project${d} alpine latest ${user} ${pwd} with_remove=${true}
Body Of Admin Push Signed Image project${d} busybox latest ${HARBOR_ADMIN} ${HARBOR_PASSWORD} with_remove=${true}
Test Case - Key Rotate
[tags] key_rotate
Init Chrome Driver
${d}= Get Current Date result_format=%m%s
${user}= Set Variable user012
${pwd}= Set Variable Test1@34
Sign In Harbor ${HARBOR_URL} ${user} ${pwd}
Create An New Project And Go Into Project project${d}
Body Of Admin Push Signed Image project${d} busybox latest ${user} ${pwd}
Notary Key Rotate ${ip} project${d} busybox latest ${user} ${pwd}
Body Of Admin Push Signed Image project${d} alpine latest ${HARBOR_ADMIN} ${HARBOR_PASSWORD}
Notary Key Rotate ${ip} project${d} alpine latest ${HARBOR_ADMIN} ${HARBOR_PASSWORD}

175
tests/robot-cases/Group1-Nightly/Replication.robot
View File

@ -633,181 +633,6 @@ Test Case - Enable Replication Of Cosign Deployment Security Policy
Retry Double Keywords When Error Click Index Achieve ${index_tag} Should Be Signed By Cosign ${image2_short_sha256}
Close Browser
Test Case - Enable Replication Of Notary Deployment Security Policy
Init Chrome Driver
${d}= Get Current Date result_format=%m%s
${image1}= Set Variable hello-world
${tag1}= Set Variable latest
${image2}= Set Variable busybox
${tag2}= Set Variable latest
Sign In Harbor https://${ip1} ${HARBOR_ADMIN} ${HARBOR_PASSWORD}
Create An New Project And Go Into Project project_push_dest${d}
Create An New Project And Go Into Project project_pull_dest${d}
Switch To Registries
Create A New Endpoint harbor e${d} https://${ip} ${HARBOR_ADMIN} ${HARBOR_PASSWORD}
Switch To Replication Manage
Create A Rule With Existing Endpoint rule_pull_${d} pull project${d}/* image e${d} project_pull_dest${d}
Logout Harbor
Sign In Harbor ${HARBOR_URL} ${HARBOR_ADMIN} ${HARBOR_PASSWORD}
Create An New Project And Go Into Project project${d}
# push images
Push Image ${ip} ${HARBOR_ADMIN} ${HARBOR_PASSWORD} project${d} ${image1}:${tag1}
Push Image ${ip} ${HARBOR_ADMIN} ${HARBOR_PASSWORD} project${d} ${image2}:${tag2}
# enable notary deployment security policy
Goto Project Config
Click Notary Deployment Security
Save Project Config
Content Notary Deployment security Be Selected
# push mode replication should fail
Switch To Registries
Create A New Endpoint harbor e${d} https://${ip1} ${HARBOR_ADMIN} ${HARBOR_PASSWORD}
Switch To Replication Manage
Create A Rule With Existing Endpoint rule_push_${d} push project${d}/* image e${d} project_push_dest${d}
Select Rule And Replicate rule_push_${d}
Check Latest Replication Job Status Failed
# pull mode replication should fail
Logout Harbor
Sign In Harbor https://${ip1} ${HARBOR_ADMIN} ${HARBOR_PASSWORD}
Switch To Replication Manage
Select Rule And Replicate rule_pull_${d}
Check Latest Replication Job Status Failed
# sign
Body Of Admin Push Signed Image project${d} ${image1} ${tag1} ${HARBOR_ADMIN} ${HARBOR_PASSWORD}
Body Of Admin Push Signed Image project${d} ${image2} ${tag2} ${HARBOR_ADMIN} ${HARBOR_PASSWORD}
# push mode replication should success
Logout Harbor
Sign In Harbor https://${ip} ${HARBOR_ADMIN} ${HARBOR_PASSWORD}
Switch To Replication Manage
Select Rule And Replicate rule_push_${d}
Check Latest Replication Job Status Succeeded
# pull mode replication should success
Logout Harbor
Sign In Harbor https://${ip1} ${HARBOR_ADMIN} ${HARBOR_PASSWORD}
Switch To Replication Manage
Select Rule And Replicate rule_pull_${d}
Check Latest Replication Job Status Succeeded
# check project_pull_dest
Go Into Project project_pull_dest${d}
Switch To Project Repo
Repo Exist project_pull_dest${d} ${image1}
Repo Exist project_pull_dest${d} ${image2}
# check project_push_dest
Go Into Project project_push_dest${d}
Switch To Project Repo
Repo Exist project_push_dest${d} ${image1}
Repo Exist project_push_dest${d} ${image2}
Close Browser
Test Case - Enable Replication Of Cosign And Notary Deployment Security Policy
Init Chrome Driver
${d}= Get Current Date result_format=%m%s
${image1}= Set Variable hello-world
${tag1}= Set Variable latest
${image2}= Set Variable busybox
${tag2}= Set Variable latest
Sign In Harbor https://${ip1} ${HARBOR_ADMIN} ${HARBOR_PASSWORD}
Create An New Project And Go Into Project project_push_dest${d}
Create An New Project And Go Into Project project_pull_dest${d}
Switch To Registries
Create A New Endpoint harbor e${d} https://${ip} ${HARBOR_ADMIN} ${HARBOR_PASSWORD}
Switch To Replication Manage
Create A Rule With Existing Endpoint rule_pull_${d} pull project${d}/* image e${d} project_pull_dest${d}
Logout Harbor
Sign In Harbor ${HARBOR_URL} ${HARBOR_ADMIN} ${HARBOR_PASSWORD}
Create An New Project And Go Into Project project${d}
# push images
Push Image ${ip} ${HARBOR_ADMIN} ${HARBOR_PASSWORD} project${d} ${image1}:${tag1}
Push Image ${ip} ${HARBOR_ADMIN} ${HARBOR_PASSWORD} project${d} ${image2}:${tag2}
# enable cosign deployment security policy
Goto Project Config
Click Cosign Deployment Security
Save Project Config
Content Cosign Deployment security Be Selected
# enable notary deployment security policy
Goto Project Config
Click Notary Deployment Security
Save Project Config
Content Notary Deployment security Be Selected
# cosign sign
Cosign Generate Key Pair
Docker Login ${ip} ${HARBOR_ADMIN} ${HARBOR_PASSWORD}
Cosign Sign ${ip}/project${d}/${image1}:${tag1}
Cosign Sign ${ip}/project${d}/${image2}:${tag2}
Docker Logout ${ip}
# push mode replication should fail
Switch To Registries
Create A New Endpoint harbor e${d} https://${ip1} ${HARBOR_ADMIN} ${HARBOR_PASSWORD}
Switch To Replication Manage
Create A Rule With Existing Endpoint rule_push_${d} push project${d}/* image e${d} project_push_dest${d}
Select Rule And Replicate rule_push_${d}
Check Latest Replication Job Status Failed
# pull mode replication should fail
Logout Harbor
Sign In Harbor https://${ip1} ${HARBOR_ADMIN} ${HARBOR_PASSWORD}
Switch To Replication Manage
Select Rule And Replicate rule_pull_${d}
Check Latest Replication Job Status Failed
# notary sign
Body Of Admin Push Signed Image project${d} ${image1} ${tag1} ${HARBOR_ADMIN} ${HARBOR_PASSWORD}
Body Of Admin Push Signed Image project${d} ${image2} ${tag2} ${HARBOR_ADMIN} ${HARBOR_PASSWORD}
# delete cosign accessory
Logout Harbor
Sign In Harbor https://${ip} ${HARBOR_ADMIN} ${HARBOR_PASSWORD}
Go Into Project project${d}
Go Into Repo project${d}/${image1}
Retry Double Keywords When Error Delete Accessory ${tag1} Should be Accessory deleted ${tag1}
Back Project Home project${d}
Go Into Repo project${d}/${image2}
Retry Double Keywords When Error Delete Accessory ${tag2} Should be Accessory deleted ${tag2}
# push mode replication should fail
Switch To Replication Manage
Select Rule And Replicate rule_push_${d}
Check Latest Replication Job Status Failed
# pull mode replication should fail
Logout Harbor
Sign In Harbor https://${ip1} ${HARBOR_ADMIN} ${HARBOR_PASSWORD}
Switch To Replication Manage
Select Rule And Replicate rule_pull_${d}
Check Latest Replication Job Status Failed
# cosign sign
Docker Login ${ip} ${HARBOR_ADMIN} ${HARBOR_PASSWORD}
Cosign Sign ${ip}/project${d}/${image1}:${tag1}
Cosign Sign ${ip}/project${d}/${image2}:${tag2}
Docker Logout ${ip}
# push mode replication should success
Logout Harbor
Sign In Harbor https://${ip} ${HARBOR_ADMIN} ${HARBOR_PASSWORD}
Switch To Replication Manage
Select Rule And Replicate rule_push_${d}
Check Latest Replication Job Status Succeeded
# pull mode replication should success
Logout Harbor
Sign In Harbor https://${ip1} ${HARBOR_ADMIN} ${HARBOR_PASSWORD}
Switch To Replication Manage
Select Rule And Replicate rule_pull_${d}
Check Latest Replication Job Status Succeeded
# check project_pull_dest
Go Into Project project_pull_dest${d}
Switch To Project Repo
Repo Exist project_pull_dest${d} ${image1}
Repo Exist project_pull_dest${d} ${image2}
Retry Double Keywords When Error Go Into Repo project_pull_dest${d}/${image1} Should Be Signed By Cosign ${tag1}
Back Project Home project_pull_dest${d}
Retry Double Keywords When Error Go Into Repo project_pull_dest${d}/${image2} Should Be Signed By Cosign ${tag2}
# check project_push_dest
Go Into Project project_push_dest${d}
Switch To Project Repo
Repo Exist project_push_dest${d} ${image1}
Repo Exist project_push_dest${d} ${image2}
Retry Double Keywords When Error Go Into Repo project_push_dest${d}/${image1} Should Be Signed By Cosign ${tag1}
Back Project Home project_push_dest${d}
Retry Double Keywords When Error Go Into Repo project_push_dest${d}/${image2} Should Be Signed By Cosign ${tag2}
Close Browser
Test Case - Carvel Imgpkg Copy To Harbor
[Tags] imgpkg_copy
Init Chrome Driver

4
tests/robot-cases/Group1-Nightly/Upgrade.robot
View File

@ -29,7 +29,3 @@ Test Case - Manage project publicity
Test Case - Scan A Tag In The Repo
[Tags] trivy
Body Of Scan A Tag In The Repo vmware/photon 1.0
Test Case - Admin Push Signed Image
[tags] sign_image
Body Of Push Signed Image

13
tests/robot-cases/Group3-Upgrade/prepare.py
View File

@ -495,9 +495,6 @@ class HarborAPI:
}
],
"event_types":[
"downloadChart",
"deleteChart",
"uploadChart",
"deleteImage",
"pullImage",
"pushImage",
@ -522,9 +519,6 @@ class HarborAPI:
"DELETE_ARTIFACT",
"PULL_ARTIFACT",
"PUSH_ARTIFACT",
"DELETE_CHART",
"DOWNLOAD_CHART",
"UPLOAD_CHART",
"QUOTA_EXCEED",
"QUOTA_WARNING",
"REPLICATION",
@ -621,10 +615,6 @@ def push_image(image, project):
os.system("docker login "+args.endpoint+" -u admin"+" -p Harbor12345")
os.system("docker push "+args.endpoint+"/"+project+"/library/"+image)
def push_signed_image(image, project, tag):
print("LOCAL_REGISTRY:{} LOCAL_REGISTRY_NAMESPACE:{}".format(args.LOCAL_REGISTRY, args.LOCAL_REGISTRY_NAMESPACE))
os.system("./sign_image.sh" + " " + args.endpoint + " " + project + " " + image + " " + tag + " " + args.LOCAL_REGISTRY + " " + args.LOCAL_REGISTRY_NAMESPACE)
@get_feature_branch
def set_url(**kwargs):
global url
@ -653,14 +643,11 @@ def do_data_creation():
harborAPI.add_distribution(distribution, version=args.version)
harborAPI.populate_projects("projects", version=args.version)
harborAPI.populate_projects("notary_projects", create_project_only=True, version=args.version)
harborAPI.populate_quotas(version=args.version)
harborAPI.push_artifact_index(data["projects"][0]["name"], data["projects"][0]["artifact_index"]["name"], data["projects"][0]["artifact_index"]["tag"], version=args.version)
#pull_image("busybox", "redis", "haproxy", "alpine", "httpd:2")
push_self_build_image_to_project(data["projects"][0]["name"], args.endpoint, 'admin', 'Harbor12345', "busybox", "latest")
for project in data["notary_projects"]:
push_signed_image("alpine", project["name"], "latest")
for replicationrule in data["replicationrule"]:
harborAPI.add_replication_rule(replicationrule, version=args.version)

35
tests/robot-cases/Group3-Upgrade/sign_image.sh
View File

@ -1,35 +0,0 @@
#!/bin/bash
set -x
set -e
echo "registry:"$5
echo "repo:"$6
docker pull $5/$6/$3:$4
IP=$1
PASSHRASE='Harbor12345'
echo $IP
mkdir -p /etc/docker/certs.d/$IP/
mkdir -p ~/.docker/tls/$IP:4443/
cp /harbor/ca/ca.crt /etc/docker/certs.d/$IP/
cp /harbor/ca/ca.crt ~/.docker/tls/$IP:4443/
export DOCKER_CONTENT_TRUST=1
export DOCKER_CONTENT_TRUST_SERVER=https://$IP:4443
export NOTARY_ROOT_PASSPHRASE=$PASSHRASE
export NOTARY_TARGETS_PASSPHRASE=$PASSHRASE
export NOTARY_SNAPSHOT_PASSPHRASE=$PASSHRASE
export DOCKER_CONTENT_TRUST_ROOT_PASSPHRASE=$PASSHRASE
export DOCKER_CONTENT_TRUST_REPOSITORY_PASSPHRASE=$PASSHRASE
export DOCKER_CONTENT_TRUST_OFFLINE_PASSPHRASE=$PASSHRASE
export DOCKER_CONTENT_TRUST_TAGGING_PASSPHRASE=$PASSHRASE
docker login -u admin -p Harbor12345 $IP
docker tag $5/$6/$3:$4 $IP/$2/$3:$4
docker push $IP/$2/$3:$4
rm -rf /key_store/*
umask 077; tar -zcvf /key_store/private_keys_backup.tar.gz ~/.docker/trust/private; umask 022

2
tests/robot-cases/Group3-Upgrade/verify.robot
View File

@ -88,7 +88,6 @@ Test Case - Upgrade Verify
Run Keyword Verify Trivy Is Default Scanner
Run Keyword Verify Artifact Index ${data}
Run Keyword Verify Quotas Display ${data}
Run Keyword Verify Re-sign Image ${data}
Test Case - Upgrade Verify
[Tags] 2.1-latest
@ -116,4 +115,3 @@ Test Case - Upgrade Verify
Run Keyword Verify Distributions ${data}
Run Keyword Verify P2P Preheat Policy ${data}
Run Keyword Verify Quotas Display ${data}
Run Keyword Verify Re-sign Image ${data}