test_assign_role_to_ldap_group.py 5.46 KB
Newer Older
danfengliu's avatar
danfengliu committed
1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24
from __future__ import absolute_import
import unittest

from testutils import harbor_server
from testutils import TEARDOWN
from testutils import ADMIN_CLIENT
from testutils import created_user, created_project
from library.project import Project
from library.user import User
from library.repository import Repository
from library.repository import push_image_to_project
from library.artifact import Artifact
from library.scanner import Scanner
from library.configurations import Configurations
from library.projectV2 import ProjectV2


class TestAssignRoleToLdapGroup(unittest.TestCase):
    @classmethod
    def setUp(self):
        self.conf= Configurations()
        self.project = Project()
        self.artifact = Artifact()
        self.repo = Repository()
25
        self.user= User()
danfengliu's avatar
danfengliu committed
26 27 28 29 30

    @classmethod
    def tearDown(self):
        print("Case completed")

danfengliu's avatar
danfengliu committed
31
    def testAssignRoleToLdapGroup(self):
danfengliu's avatar
danfengliu committed
32 33 34 35 36 37 38 39
        """
        Test case:
            Assign Role To Ldap Group
        Test step and expected result:
            1. Set LDAP Auth configurations;
            2. Create a new public project(PA) by Admin;
            3. Add 3 member groups to project(PA);
            4. Push image by each member role;
40 41 42 43 44
            5. Verfify that admin_user can add project member, dev_user and guest_user can not add project member;
            6. Verfify that admin_user and dev_user can push image, guest_user can not push image;
            7. Verfify that admin_user, dev_user and guest_user can view logs, test user can not view logs.
            8. Delete repository(RA) by user(UA);
            9. Delete project(PA);
danfengliu's avatar
danfengliu committed
45 46 47 48 49 50
        """
        url = ADMIN_CLIENT["endpoint"]
        USER_ADMIN=dict(endpoint = url, username = "admin_user", password = "zhu88jie", repo = "hello-world")
        USER_DEV=dict(endpoint = url, username = "dev_user", password = "zhu88jie", repo = "alpine")
        USER_GUEST=dict(endpoint = url, username = "guest_user", password = "zhu88jie", repo = "busybox")
        USER_TEST=dict(endpoint = url, username = "test", password = "123456")
51 52
        USER_MIKE=dict(endpoint = url, username = "mike", password = "zhu88jie")
        #USER001 is in group harbor_group3
danfengliu's avatar
danfengliu committed
53 54 55 56 57 58 59
        self.conf.set_configurations_of_ldap(ldap_filter="", ldap_group_attribute_name="cn", ldap_group_base_dn="ou=groups,dc=example,dc=com",
                                             ldap_group_search_filter="objectclass=groupOfNames", ldap_group_search_scope=2, **ADMIN_CLIENT)

        with created_project(metadata={"public": "false"}) as (project_id, project_name):
            self.project.add_project_members(project_id, member_role_id = 1, _ldap_group_dn = "cn=harbor_admin,ou=groups,dc=example,dc=com", **ADMIN_CLIENT)
            self.project.add_project_members(project_id, member_role_id = 2, _ldap_group_dn = "cn=harbor_dev,ou=groups,dc=example,dc=com", **ADMIN_CLIENT)
            self.project.add_project_members(project_id, member_role_id = 3, _ldap_group_dn = "cn=harbor_guest,ou=groups,dc=example,dc=com", **ADMIN_CLIENT)
60

danfengliu's avatar
danfengliu committed
61 62 63 64
            projects = self.project.get_projects(dict(name=project_name), **USER_ADMIN)
            self.assertTrue(len(projects) == 1)
            self.assertEqual(1, projects[0].current_user_role_id)

65 66 67 68 69 70 71 72
            #Mike has logged in harbor in previous test.
            mike = self.user.get_user_by_name(USER_MIKE["username"], **ADMIN_CLIENT)

            #Verify role difference in add project member feature, to distinguish between admin and dev role
            self.project.add_project_members(project_id, user_id=mike.user_id, member_role_id = 3, **USER_ADMIN)
            self.project.add_project_members(project_id, user_id=mike.user_id, member_role_id = 3, expect_status_code=403, **USER_DEV)
            self.project.add_project_members(project_id, user_id=mike.user_id, member_role_id = 3, expect_status_code=403, **USER_GUEST)

danfengliu's avatar
danfengliu committed
73 74 75 76 77 78 79 80 81 82 83 84 85 86 87 88 89 90 91 92
            repo_name_admin, _  = push_image_to_project(project_name, harbor_server, USER_ADMIN["username"], USER_ADMIN["password"], USER_ADMIN["repo"], "latest")
            artifacts = self.artifact.list_artifacts(project_name, USER_ADMIN["repo"], **USER_ADMIN)
            self.assertTrue(len(artifacts) == 1)
            repo_name_dev, _ = push_image_to_project(project_name, harbor_server, USER_DEV["username"], USER_DEV["password"], USER_DEV["repo"], "latest")
            artifacts = self.artifact.list_artifacts(project_name, USER_DEV["repo"], **USER_DEV)
            self.assertTrue(len(artifacts) == 1)
            push_image_to_project(project_name, harbor_server, USER_GUEST["username"], USER_GUEST["password"], USER_GUEST["repo"], "latest")
            artifacts = self.artifact.list_artifacts(project_name, USER_GUEST["repo"], **USER_GUEST)
            self.assertTrue(len(artifacts) == 0)

            self.assertTrue(self.project.query_user_logs(project_name, **USER_ADMIN)>0, "admin user can see logs")
            self.assertTrue(self.project.query_user_logs(project_name, **USER_DEV)>0, "dev user can see logs")
            self.assertTrue(self.project.query_user_logs(project_name, **USER_GUEST)>0, "guest user can see logs")
            self.assertTrue(self.project.query_user_logs(project_name, status_code=403, **USER_TEST)==0, "test user can not see any logs")

            self.repo.delete_repoitory(project_name, repo_name_admin.split('/')[1], **USER_ADMIN)
            self.repo.delete_repoitory(project_name, repo_name_dev.split('/')[1], **USER_ADMIN)

if __name__ == '__main__':
    unittest.main()