mirror of
https://github.com/goharbor/harbor.git
synced 2024-09-18 08:41:10 +02:00
7fb9dbd0fa
1. Fix E2E quotas issue, push the same image but with different name; 2. Add checkpoint for robot account test; 3. Upgraded docker and containerd in E2E image; 4. Package base image sample(busybox) into E2E image, so in E2E container, all local docker images can be cleaned up, once base image is needed for building image, it can be loaded locally; 5. Adapt OIDC service of supporting LDAP user, and add OIDC group user test; 6. Restart docker deamon before content trust test, both in API and UI test; 7. Add retry for keyword "Add A Tag Immutability Rule"; 8. Fix tag retention test issue, missing click angle icon, and enhance checkpoint of dry run and real run; 9. Fix schedule test issue for wrong cron string; 10. Disable quotas verification, it's not stable for script defect; Signed-off-by: danfengliu <danfengl@vmware.com>
92 lines
5.6 KiB
Python
92 lines
5.6 KiB
Python
from __future__ import absolute_import
|
|
import unittest
|
|
|
|
from testutils import harbor_server, suppress_urllib3_warning
|
|
from testutils import TEARDOWN
|
|
from testutils import ADMIN_CLIENT
|
|
from testutils import created_user, created_project
|
|
from library.project import Project
|
|
from library.user import User
|
|
from library.repository import Repository
|
|
from library.repository import push_image_to_project
|
|
from library.artifact import Artifact
|
|
from library.scanner import Scanner
|
|
from library.configurations import Configurations
|
|
from library.projectV2 import ProjectV2
|
|
|
|
|
|
class TestAssignRoleToLdapGroup(unittest.TestCase):
|
|
@suppress_urllib3_warning
|
|
def setUp(self):
|
|
self.conf= Configurations()
|
|
self.project = Project()
|
|
self.artifact = Artifact()
|
|
self.repo = Repository()
|
|
self.user= User()
|
|
|
|
@unittest.skipIf(TEARDOWN == False, "Test data won't be erased.")
|
|
def tearDown(self):
|
|
print("Case completed")
|
|
|
|
def testAssignRoleToLdapGroup(self):
|
|
"""
|
|
Test case:
|
|
Assign Role To Ldap Group
|
|
Test step and expected result:
|
|
1. Set LDAP Auth configurations;
|
|
2. Create a new public project(PA) by Admin;
|
|
3. Add 3 member groups to project(PA);
|
|
4. Push image by each member role;
|
|
5. Verfify that admin_user can add project member, dev_user and guest_user can not add project member;
|
|
6. Verfify that admin_user and dev_user can push image, guest_user can not push image;
|
|
7. Verfify that admin_user, dev_user and guest_user can view logs, test user can not view logs.
|
|
8. Delete repository(RA) by user(UA);
|
|
9. Delete project(PA);
|
|
"""
|
|
url = ADMIN_CLIENT["endpoint"]
|
|
USER_ADMIN=dict(endpoint = url, username = "admin_user", password = "zhu88jie", repo = "haproxy")
|
|
USER_DEV=dict(endpoint = url, username = "dev_user", password = "zhu88jie", repo = "alpine")
|
|
USER_GUEST=dict(endpoint = url, username = "guest_user", password = "zhu88jie", repo = "busybox")
|
|
USER_TEST=dict(endpoint = url, username = "test", password = "123456")
|
|
USER_MIKE=dict(endpoint = url, username = "mike", password = "zhu88jie")
|
|
#USER001 is in group harbor_group3
|
|
self.conf.set_configurations_of_ldap(ldap_filter="", ldap_group_attribute_name="cn", ldap_group_base_dn="ou=groups,dc=example,dc=com",
|
|
ldap_group_search_filter="objectclass=groupOfNames", ldap_group_search_scope=2, **ADMIN_CLIENT)
|
|
|
|
with created_project(metadata={"public": "false"}) as (project_id, project_name):
|
|
self.project.add_project_members(project_id, member_role_id = 1, _ldap_group_dn = "cn=harbor_admin,ou=groups,dc=example,dc=com", **ADMIN_CLIENT)
|
|
self.project.add_project_members(project_id, member_role_id = 2, _ldap_group_dn = "cn=harbor_dev,ou=groups,dc=example,dc=com", **ADMIN_CLIENT)
|
|
self.project.add_project_members(project_id, member_role_id = 3, _ldap_group_dn = "cn=harbor_guest,ou=groups,dc=example,dc=com", **ADMIN_CLIENT)
|
|
|
|
projects = self.project.get_projects(dict(name=project_name), **USER_ADMIN)
|
|
self.assertTrue(len(projects) == 1)
|
|
self.assertEqual(1, projects[0].current_user_role_id)
|
|
|
|
#Mike has logged in harbor in previous test.
|
|
mike = self.user.get_user_by_name(USER_MIKE["username"], **ADMIN_CLIENT)
|
|
|
|
#Verify role difference in add project member feature, to distinguish between admin and dev role
|
|
self.project.add_project_members(project_id, user_id=mike.user_id, member_role_id = 3, **USER_ADMIN)
|
|
self.project.add_project_members(project_id, user_id=mike.user_id, member_role_id = 3, expect_status_code=403, **USER_DEV)
|
|
self.project.add_project_members(project_id, user_id=mike.user_id, member_role_id = 3, expect_status_code=403, **USER_GUEST)
|
|
|
|
repo_name_admin, _ = push_image_to_project(project_name, harbor_server, USER_ADMIN["username"], USER_ADMIN["password"], USER_ADMIN["repo"], "latest")
|
|
artifacts = self.artifact.list_artifacts(project_name, USER_ADMIN["repo"], **USER_ADMIN)
|
|
self.assertTrue(len(artifacts) == 1)
|
|
repo_name_dev, _ = push_image_to_project(project_name, harbor_server, USER_DEV["username"], USER_DEV["password"], USER_DEV["repo"], "latest")
|
|
artifacts = self.artifact.list_artifacts(project_name, USER_DEV["repo"], **USER_DEV)
|
|
self.assertTrue(len(artifacts) == 1)
|
|
push_image_to_project(project_name, harbor_server, USER_GUEST["username"], USER_GUEST["password"], USER_GUEST["repo"], "latest", expected_error_message = "unauthorized to access repository")
|
|
artifacts = self.artifact.list_artifacts(project_name, USER_GUEST["repo"], **USER_GUEST)
|
|
self.assertTrue(len(artifacts) == 0)
|
|
|
|
self.assertTrue(self.project.query_user_logs(project_name, **USER_ADMIN)>0, "admin user can see logs")
|
|
self.assertTrue(self.project.query_user_logs(project_name, **USER_DEV)>0, "dev user can see logs")
|
|
self.assertTrue(self.project.query_user_logs(project_name, **USER_GUEST)>0, "guest user can see logs")
|
|
self.assertTrue(self.project.query_user_logs(project_name, status_code=403, **USER_TEST)==0, "test user can not see any logs")
|
|
|
|
self.repo.delete_repository(project_name, repo_name_admin.split('/')[1], **USER_ADMIN)
|
|
self.repo.delete_repository(project_name, repo_name_dev.split('/')[1], **USER_ADMIN)
|
|
|
|
if __name__ == '__main__':
|
|
unittest.main() |