// Copyright (c) 2017 VMware, Inc. All Rights Reserved. // // Licensed under the Apache License, Version 2.0 (the "License"); // you may not use this file except in compliance with the License. // You may obtain a copy of the License at // // http://www.apache.org/licenses/LICENSE-2.0 // // Unless required by applicable law or agreed to in writing, software // distributed under the License is distributed on an "AS IS" BASIS, // WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. // See the License for the specific language governing permissions and // limitations under the License. *** Settings *** Documentation Harbor BATs Resource ../../resources/Util.robot Default Tags Nightly *** Variables *** ${HARBOR_URL} https://${ip} ${SSH_USER} root ${HARBOR_ADMIN} admin *** Test Cases *** Test Case - Clair Is Default Scanner And It Is Immutable Init Chrome Driver Sign In Harbor ${HARBOR_URL} ${HARBOR_ADMIN} ${HARBOR_PASSWORD} Switch To Scanners Page Should Display The Default Clair Scanner Clair Is Immutable Scanner Test Case - Disable Scan Schedule Init Chrome Driver Sign In Harbor ${HARBOR_URL} ${HARBOR_ADMIN} ${HARBOR_PASSWORD} Switch To Vulnerability Page Disable Scan Schedule Logout Harbor Sign In Harbor ${HARBOR_URL} ${HARBOR_ADMIN} ${HARBOR_PASSWORD} Switch To Vulnerability Page Retry Wait Until Page Contains None Close Browser Test Case - Scan A Tag In The Repo Body Of Scan A Tag In The Repo Test Case - Scan As An Unprivileged User Init Chrome Driver Push Image ${ip} ${HARBOR_ADMIN} ${HARBOR_PASSWORD} library hello-world Sign In Harbor ${HARBOR_URL} user024 Test1@34 Go Into Project library Go Into Repo hello-world Select Object latest Scan Is Disabled Close Browser Test Case - Scan Image With Empty Vul Init Chrome Driver Push Image ${ip} ${HARBOR_ADMIN} ${HARBOR_PASSWORD} library busybox Sign In Harbor ${HARBOR_URL} ${HARBOR_ADMIN} ${HARBOR_PASSWORD} Go Into Project library Go Into Repo busybox Scan Repo latest Succeed Move To Summary Chart Wait Until Page Contains No vulnerability Close Browser Test Case - Manual Scan All Init Chrome Driver Push Image ${ip} ${HARBOR_ADMIN} ${HARBOR_PASSWORD} library redis Sign In Harbor ${HARBOR_URL} ${HARBOR_ADMIN} ${HARBOR_PASSWORD} Switch To Vulnerability Page Trigger Scan Now Navigate To Projects Go Into Project library Go Into Repo redis Summary Chart Should Display latest Close Browser Test Case - View Scan Error Init Chrome Driver ${d}= get current date result_format=%m%s Sign In Harbor ${HARBOR_URL} user026 Test1@34 Create An New Project project${d} Push Image ${ip} user026 Test1@34 project${d} vmware/photon:1.0 Go Into Project project${d} Go Into Repo project${d}/vmware/photon Scan Repo 1.0 Fail View Scan Error Log Close Browser Test Case - Scan Image On Push [Tags] run-once Init Chrome Driver Push Image ${ip} ${HARBOR_ADMIN} ${HARBOR_PASSWORD} library hello-world Sign In Harbor ${HARBOR_URL} ${HARBOR_ADMIN} ${HARBOR_PASSWORD} Go Into Project library Goto Project Config Enable Scan On Push Push Image ${ip} ${HARBOR_ADMIN} ${HARBOR_PASSWORD} library memcached Navigate To Projects Go Into Project library Go Into Repo memcached Summary Chart Should Display latest Close Browser Test Case - View Scan Results [Tags] run-once Init Chrome Driver ${d}= get current date result_format=%m%s Sign In Harbor ${HARBOR_URL} user025 Test1@34 Create An New Project project${d} Push Image ${ip} user025 Test1@34 project${d} tomcat Go Into Project project${d} Go Into Repo project${d}/tomcat Scan Repo latest Succeed Summary Chart Should Display latest View Repo Scan Details Close Browser Test Case - Project Level Image Serverity Policy [Tags] run-once Init Chrome Driver Sign In Harbor ${HARBOR_URL} ${HARBOR_ADMIN} ${HARBOR_PASSWORD} ${d}= get current date result_format=%m%s ${sha256}= Set Variable 68b49a280d2fbe9330c0031970ebb72015e1272dfa25f0ed7557514f9e5ad7b7 ${image}= Set Variable postgres Create An New Project project${d} Push Image ${ip} ${HARBOR_ADMIN} ${HARBOR_PASSWORD} project${d} ${image} sha256=${sha256} Go Into Project project${d} Go Into Repo ${image} Scan Repo ${sha256} Succeed Navigate To Projects Go Into Project project${d} Set Vulnerabilty Serverity 0 Cannot pull image ${ip} ${HARBOR_ADMIN} ${HARBOR_PASSWORD} project${d} ${image} tag=${sha256} Close Browser #Important Note: All CVE IDs in CVE Whitelist cases must unique! Test Case - Verfiy System Level CVE Whitelist [Tags] run-once Init Chrome Driver ${d}= Get Current Date result_format=%m%s ${image}= Set Variable redis ${sha256}= Set Variable 9755880356c4ced4ff7745bafe620f0b63dd17747caedba72504ef7bac882089 ${signin_user}= Set Variable user025 ${signin_pwd}= Set Variable Test1@34 Sign In Harbor ${HARBOR_URL} ${signin_user} ${signin_pwd} Create An New Project project${d} Push Image ${ip} ${signin_user} ${signin_pwd} project${d} ${image} sha256=${sha256} Go Into Project project${d} Set Vulnerabilty Serverity 1 Cannot Pull image ${ip} ${signin_user} ${signin_pwd} project${d} ${image} tag=${sha256} Go Into Project project${d} Go Into Repo project${d}/${image} Scan Repo ${sha256} Succeed Logout Harbor Sign In Harbor ${HARBOR_URL} ${HARBOR_ADMIN} ${HARBOR_PASSWORD} Switch To Configure Switch To Configuration System Setting Add Items To System CVE Whitelist CVE-2019-12904\nCVE-2011-3389\nCVE-2018-12886\nCVE-2019-3843\nCVE-2018-20839\nCVE-2019-5094\nCVE-2019-15847\nCVE-2019-13627 Cannot Pull image ${ip} ${signin_user} ${signin_pwd} project${d} ${image} tag=${sha256} Add Items To System CVE Whitelist CVE-2019-3844 Pull Image ${ip} ${signin_user} ${signin_pwd} project${d} ${image} tag=${sha256} Delete Top Item In System CVE Whitelist count=6 Cannot Pull image ${ip} ${signin_user} ${signin_pwd} project${d} ${image} tag=${sha256} Close Browser Test Case - Verfiy Project Level CVE Whitelist [Tags] run-once Init Chrome Driver ${d}= Get Current Date result_format=%m%s ${image}= Set Variable redis ${sha256}= Set Variable 9755880356c4ced4ff7745bafe620f0b63dd17747caedba72504ef7bac882089 ${signin_user}= Set Variable user025 ${signin_pwd}= Set Variable Test1@34 Sign In Harbor ${HARBOR_URL} ${signin_user} ${signin_pwd} Create An New Project project${d} Push Image ${ip} ${signin_user} ${signin_pwd} project${d} ${image} sha256=${sha256} Pull Image ${ip} ${signin_user} ${signin_pwd} project${d} ${image} tag=${sha256} Go Into Project project${d} Set Vulnerabilty Serverity 1 Cannot Pull image ${ip} ${signin_user} ${signin_pwd} project${d} ${image} tag=${sha256} Go Into Project project${d} Go Into Repo project${d}/${image} Scan Repo ${sha256} Succeed Go Into Project project${d} Add Items to Project CVE Whitelist CVE-2019-12904\nCVE-2011-3389\nCVE-2018-12886\nCVE-2019-3843\nCVE-2018-20839\nCVE-2019-5094\nCVE-2019-15847\nCVE-2019-13627 Cannot Pull image ${ip} ${signin_user} ${signin_pwd} project${d} ${image} tag=${sha256} Add Items to Project CVE Whitelist CVE-2019-3844 Pull Image ${ip} ${signin_user} ${signin_pwd} project${d} ${image} tag=${sha256} Delete Top Item In Project CVE Whitelist Cannot Pull image ${ip} ${signin_user} ${signin_pwd} project${d} ${image} tag=${sha256} Close Browser Test Case - Verfiy Project Level CVE Whitelist By Quick Way of Add System [Tags] run-once Init Chrome Driver ${d}= Get Current Date result_format=%m%s ${image}= Set Variable redis ${sha256}= Set Variable 9755880356c4ced4ff7745bafe620f0b63dd17747caedba72504ef7bac882089 ${signin_user}= Set Variable user025 ${signin_pwd}= Set Variable Test1@34 Sign In Harbor ${HARBOR_URL} ${HARBOR_ADMIN} ${HARBOR_PASSWORD} Switch To Configure Switch To Configuration System Setting Add Items To System CVE Whitelist CVE-2019-12904\nCVE-2011-3389\nCVE-2018-12886\nCVE-2019-3843\nCVE-2018-20839\nCVE-2019-3844\nCVE-2019-5094\nCVE-2019-15847\nCVE-2019-13627 Logout Harbor Sign In Harbor ${HARBOR_URL} ${signin_user} ${signin_pwd} Create An New Project project${d} Push Image ${ip} ${signin_user} ${signin_pwd} project${d} ${image} sha256=${sha256} Go Into Project project${d} Set Vulnerabilty Serverity 1 Go Into Project project${d} Go Into Repo project${d}/${image} Scan Repo ${sha256} Succeed Pull Image ${ip} ${signin_user} ${signin_pwd} project${d} ${image} tag=${sha256} Go Into Project project${d} Set Project To Project Level CVE Whitelist Cannot Pull image ${ip} ${signin_user} ${signin_pwd} project${d} ${image} tag=${sha256} Add System CVE Whitelist to Project CVE Whitelist By Add System Button Click Pull Image ${ip} ${signin_user} ${signin_pwd} project${d} ${image} tag=${sha256} Close Browser