Merge pull request #10510 from danfengliu/cherry-pick-1.10-add-remove-notary-signature-nightly-testcase

[Cherry-pick 1.10.0]Add notary remove signature test case in nightly

tests/e2e-image/Dockerfile

@@ -62,8 +62,34 @@ RUN wget https://github.com/drone/drone-cli/releases/download/v0.8.3/drone_linux
 RUN curl -sSL https://github.com/vmware/govmomi/releases/download/v0.16.0/govc_linux_amd64.gz | gzip -d > /usr/local/bin/govc && \
     chmod +x /usr/local/bin/govc
 
-RUN  wget https://launchpad.net/ubuntu/+source/wget/1.18-2ubuntu1/+build/10470166/+files/wget_1.18-2ubuntu1_amd64.deb && \
-     dpkg -i wget_1.18-2ubuntu1_amd64.deb
+RUN wget https://get.helm.sh/helm-v2.14.1-linux-386.tar.gz && tar zxvf helm-v2.14.1-linux-386.tar.gz && \
+    mv linux-386/helm /usr/local/bin/helm && \
+	helm init --client-only && \
+	helm plugin install https://github.com/chartmuseum/helm-push
+
+RUN wget https://get.helm.sh/helm-v3.0.0-linux-386.tar.gz && tar zxvf helm-v3.0.0-linux-386.tar.gz && \
+    mv linux-386/helm /usr/local/bin/helm3 && \
+	helm3 plugin install https://github.com/chartmuseum/helm-push
+
+RUN wget http://nchc.dl.sourceforge.net/sourceforge/tcl/tcl8.4.11-src.tar.gz && \
+    tar xfvz tcl8.4.11-src.tar.gz && \
+    cd tcl8.4.11/unix && \
+    sed -i "s/relid'/relid/" configure && \
+    ./configure --prefix=/ixdba.net && \
+    make && \
+    make install && \
+    cp -r * ../tools && \
+    cd .. && \
+    cp -r tools / && \
+    cd /  && \
+    wget http://sourceforge.net/projects/expect/files/Expect/5.45/expect5.45.tar.gz && \
+    tar xzvf expect5.45.tar.gz && \
+    cd expect5.45 && \
+    ./configure --prefix=/tools --with-tcl=/tools --with-x=no && \
+    make && \
+    make install && \
+    cd /ixdba.net/bin && \
+    mv  expect /usr/local/bin/expect
 
 # Add docker in docker support
 # version: docker:1.13-dind

tests/resources/Harbor-Util.robot

@@ -114,6 +114,13 @@ Enable Notary Client
     ${rc}  ${output}=  Run And Return Rc And Output  ls -la ~/.docker/tls/${notaryServerEndpointNoSubDir}/
     Log  ${output}
 
+Remove Notary Signature
+    [Arguments]  ${ip}  ${image}
+    ${rc}  ${output}=  Run And Return Rc And Output  ./tests/robot-cases/Group0-Util/notary-remove-image-signature.expect ${ip} library ${image}
+    Log To Console  ${output}
+    Log  ${output}
+    Should Be Equal As Integers  ${rc}  0
+
 Prepare
     [Arguments]  ${with_notary}=true  ${with_clair}=true  ${with_chartmuseum}=true
     ${rc}  ${output}=  Run And Return Rc And Output  make prepare -e NOTARYFLAG=${with_notary} CLAIRFLAG=${with_clair} CHARTFLAG=${with_chartmuseum}

tests/resources/TestCaseBody.robot

@@ -98,21 +98,24 @@ Body Of List Helm Charts
     Close Browser
 
 Body Of Admin Push Signed Image
+    [Arguments]  ${image}  ${with_remove}=${false}
     Enable Notary Client
 
     ${rc}  ${output}=  Run And Return Rc And Output  docker pull hello-world:latest
     Log  ${output}
 
     Push image  ${ip}  ${HARBOR_ADMIN}  ${HARBOR_PASSWORD}  library  hello-world:latest
-    ${rc}  ${output}=  Run And Return Rc And Output  ./tests/robot-cases/Group0-Util/notary-push-image.sh ${ip} ${notaryServerEndpoint}
+    ${rc}  ${output}=  Run And Return Rc And Output  ./tests/robot-cases/Group0-Util/notary-push-image.sh ${ip} library ${image} latest
     Log  ${output}
     Should Be Equal As Integers  ${rc}  0
 
-    ${rc}  ${output}=  Run And Return Rc And Output  curl -u admin:Harbor12345 -s --insecure -H "Content-Type: application/json" -X GET "https://${ip}/api/repositories/library/tomcat/signatures"
+    ${rc}  ${output}=  Run And Return Rc And Output  curl -u admin:Harbor12345 -s --insecure -H "Content-Type: application/json" -X GET "https://${ip}/api/repositories/library/${image}/signatures"
     Log To Console  ${output}
     Should Be Equal As Integers  ${rc}  0
     Should Contain  ${output}  sha256
 
+    Run Keyword If  ${with_remove} == ${true}  Remove Notary Signature  ${ip}  ${image}
+
 Delete A Project Without Sign In Harbor
     [Arguments]  ${harbor_ip}=${ip}  ${username}=${HARBOR_ADMIN}  ${password}=${HARBOR_PASSWORD}
     ${d}=    Get Current Date    result_format=%m%s

tests/robot-cases/Group0-Util/notary-push-image.sh

@@ -1,16 +1,20 @@
 #!/bin/bash
 
-docker pull tomcat:latest
+docker pull $3:$4
 
 IP=$1
-notaryServerEndpoint=$2
 PASSHRASE='Harbor12345'
 
 echo $IP
-echo "Notary server endpoint: $notaryServerEndpoint"
+
+mkdir -p /etc/docker/certs.d/$IP/
+mkdir -p ~/.docker/tls/$IP:4443/
+
+cp /notary_ca/ca.crt /etc/docker/certs.d/$IP/
+cp /notary_ca/ca.crt ~/.docker/tls/$IP:4443/
 
 export DOCKER_CONTENT_TRUST=1
-export DOCKER_CONTENT_TRUST_SERVER=https://$notaryServerEndpoint
+export DOCKER_CONTENT_TRUST_SERVER=https://$IP:4443
 
 export NOTARY_ROOT_PASSPHRASE=$PASSHRASE
 export NOTARY_TARGETS_PASSPHRASE=$PASSHRASE
@@ -21,5 +25,5 @@ export DOCKER_CONTENT_TRUST_OFFLINE_PASSPHRASE=$PASSHRASE
 export DOCKER_CONTENT_TRUST_TAGGING_PASSPHRASE=$PASSHRASE
 
 docker login -u admin -p Harbor12345 $IP
-docker tag tomcat $IP/library/tomcat:latest
-docker push $IP/library/tomcat:latest
+docker tag $3:$4 $IP/$2/$3:$4
+docker push $IP/$2/$3:$4

tests/robot-cases/Group0-Util/notary-remove-image-signature.expect

@@ -0,0 +1,18 @@
+#!/usr/local/bin/expect
+
+set HOST [lindex $argv 0]
+set PROJECT [lindex $argv 1]
+set IMAGE [lindex $argv 2]
+set timeout 30
+
+spawn notary -s https://$HOST:4443 --tlscacert /notary_ca/ca.crt -d /root/.docker/trust remove -p $HOST/$PROJECT/$IMAGE latest
+
+expect {
+        "Enter username:" {send "admin\r";exp_continue}
+        "Enter password:" {send "Harbor12345\r";exp_continue}
+        "Enter passphrase for targets key with ID*" {send "Harbor12345\r"}
+        timeout {exit 1}
+}
+expect eof
+exit 0
+

tests/robot-cases/Group1-Nightly/Notary.robot

@@ -40,4 +40,7 @@ Test Case - Project Level Policy Content Trust
     Close Browser
 
 Test Case - Admin Push Signed Image
-    Body Of Admin Push Signed Image
+    Body Of Admin Push Signed Image  tomcat
+
+Test Case - Admin Push Signed Image And Remove Signature
+    Body Of Admin Push Signed Image  mariadb  with_remove=${true}