Unverified Commit d99ea887 authored by danfengliu's avatar danfengliu Committed by GitHub
Browse files

Merge pull request #12989 from danfengliu/Add-Checkpoint-for-LDAP-group-py-test

Add checkpoint for LDAP group py-test
parents 55fedc5a 86fb6fdc
...@@ -189,7 +189,7 @@ class Project(base.Base): ...@@ -189,7 +189,7 @@ class Project(base.Base):
base._assert_status_code(expect_status_code, status_code) base._assert_status_code(expect_status_code, status_code)
base._assert_status_code(200, status_code) base._assert_status_code(200, status_code)
def add_project_members(self, project_id, user_id = None, member_role_id = None, _ldap_group_dn=None,expect_status_code = 201, **kwargs): def add_project_members(self, project_id, user_id = None, member_role_id = None, _ldap_group_dn=None, expect_status_code = 201, **kwargs):
kwargs['api_type'] = 'products' kwargs['api_type'] = 'products'
projectMember = swagger_client.ProjectMember() projectMember = swagger_client.ProjectMember()
if user_id is not None: if user_id is not None:
...@@ -203,9 +203,13 @@ class Project(base.Base): ...@@ -203,9 +203,13 @@ class Project(base.Base):
client = self._get_client(**kwargs) client = self._get_client(**kwargs)
data = [] data = []
data, status_code, header = client.projects_project_id_members_post_with_http_info(project_id, project_member = projectMember) try:
base._assert_status_code(expect_status_code, status_code) data, status_code, header = client.projects_project_id_members_post_with_http_info(project_id, project_member = projectMember)
return base._get_id_from_header(header) except swagger_client.rest.ApiException as e:
base._assert_status_code(expect_status_code, e.status)
else:
base._assert_status_code(expect_status_code, status_code)
return base._get_id_from_header(header)
def add_project_robot_account(self, project_id, project_name, expires_at, robot_name = None, robot_desc = None, has_pull_right = True, has_push_right = True, has_chart_read_right = True, has_chart_create_right = True, expect_status_code = 201, **kwargs): def add_project_robot_account(self, project_id, project_name, expires_at, robot_name = None, robot_desc = None, has_pull_right = True, has_push_right = True, has_chart_read_right = True, has_chart_create_right = True, expect_status_code = 201, **kwargs):
kwargs['api_type'] = 'products' kwargs['api_type'] = 'products'
......
...@@ -2,11 +2,12 @@ ...@@ -2,11 +2,12 @@
import base import base
import swagger_client import swagger_client
from swagger_client.rest import ApiException
class User(base.Base): class User(base.Base):
def create_user(self, name=None, def create_user(self, name=None,
email = None, user_password=None, realname = None, role_id = None, **kwargs): email = None, user_password=None, realname = None, role_id = None, expect_status_code=201, **kwargs):
if name is None: if name is None:
name = base._random_name("user") name = base._random_name("user")
if realname is None: if realname is None:
...@@ -20,13 +21,16 @@ class User(base.Base): ...@@ -20,13 +21,16 @@ class User(base.Base):
client = self._get_client(**kwargs) client = self._get_client(**kwargs)
user = swagger_client.User(username = name, email = email, password = user_password, realname = realname, role_id = role_id) user = swagger_client.User(username = name, email = email, password = user_password, realname = realname, role_id = role_id)
_, status_code, header = client.users_post_with_http_info(user)
base._assert_status_code(201, status_code) try:
_, status_code, header = client.users_post_with_http_info(user)
except ApiException as e:
base._assert_status_code(expect_status_code, e.status)
else:
base._assert_status_code(expect_status_code, status_code)
return base._get_id_from_header(header), name
return base._get_id_from_header(header), name def get_users(self, user_name=None, email=None, page=None, page_size=None, expect_status_code=200, **kwargs):
def get_users(self, user_name=None, email=None, page=None, page_size=None, **kwargs):
client = self._get_client(**kwargs) client = self._get_client(**kwargs)
params={} params={}
if user_name is not None: if user_name is not None:
...@@ -37,9 +41,13 @@ class User(base.Base): ...@@ -37,9 +41,13 @@ class User(base.Base):
params["page"] = page params["page"] = page
if page_size is not None: if page_size is not None:
params["page_size"] = page_size params["page_size"] = page_size
data, status_code, _ = client.users_get_with_http_info(**params) try:
base._assert_status_code(200, status_code) data, status_code, _ = client.users_get_with_http_info(**params)
return data except ApiException as e:
base._assert_status_code(expect_status_code, e.status)
else:
base._assert_status_code(expect_status_code, status_code)
return data
def get_user_by_id(self, user_id, **kwargs): def get_user_by_id(self, user_id, **kwargs):
client = self._get_client(**kwargs) client = self._get_client(**kwargs)
...@@ -47,8 +55,8 @@ class User(base.Base): ...@@ -47,8 +55,8 @@ class User(base.Base):
base._assert_status_code(200, status_code) base._assert_status_code(200, status_code)
return data return data
def get_user_by_name(self, name, **kwargs): def get_user_by_name(self, name, expect_status_code=200, **kwargs):
users = self.get_users(user_name=name, **kwargs) users = self.get_users(user_name=name, expect_status_code=expect_status_code , **kwargs)
for user in users: for user in users:
if user.username == name: if user.username == name:
return user return user
......
...@@ -10,7 +10,6 @@ from library.user import User ...@@ -10,7 +10,6 @@ from library.user import User
from library.repository import Repository from library.repository import Repository
from library.repository import push_image_to_project from library.repository import push_image_to_project
from library.artifact import Artifact from library.artifact import Artifact
from library.scan import Scan
from library.scanner import Scanner from library.scanner import Scanner
from library.configurations import Configurations from library.configurations import Configurations
from library.projectV2 import ProjectV2 from library.projectV2 import ProjectV2
...@@ -23,7 +22,7 @@ class TestAssignRoleToLdapGroup(unittest.TestCase): ...@@ -23,7 +22,7 @@ class TestAssignRoleToLdapGroup(unittest.TestCase):
self.project = Project() self.project = Project()
self.artifact = Artifact() self.artifact = Artifact()
self.repo = Repository() self.repo = Repository()
self.scan = Scan() self.user= User()
@classmethod @classmethod
def tearDown(self): def tearDown(self):
...@@ -38,17 +37,19 @@ class TestAssignRoleToLdapGroup(unittest.TestCase): ...@@ -38,17 +37,19 @@ class TestAssignRoleToLdapGroup(unittest.TestCase):
2. Create a new public project(PA) by Admin; 2. Create a new public project(PA) by Admin;
3. Add 3 member groups to project(PA); 3. Add 3 member groups to project(PA);
4. Push image by each member role; 4. Push image by each member role;
5. Verfify that admin_user and dev_user can push image, guest_user can not push image; 5. Verfify that admin_user can add project member, dev_user and guest_user can not add project member;
6. Verfify that admin_user, dev_user and guest_user can view logs, test user can not view logs. 6. Verfify that admin_user and dev_user can push image, guest_user can not push image;
7. Delete repository(RA) by user(UA); 7. Verfify that admin_user, dev_user and guest_user can view logs, test user can not view logs.
8. Delete project(PA); 8. Delete repository(RA) by user(UA);
9. Delete project(PA);
""" """
url = ADMIN_CLIENT["endpoint"] url = ADMIN_CLIENT["endpoint"]
USER_ADMIN=dict(endpoint = url, username = "admin_user", password = "zhu88jie", repo = "hello-world") USER_ADMIN=dict(endpoint = url, username = "admin_user", password = "zhu88jie", repo = "hello-world")
USER_DEV=dict(endpoint = url, username = "dev_user", password = "zhu88jie", repo = "alpine") USER_DEV=dict(endpoint = url, username = "dev_user", password = "zhu88jie", repo = "alpine")
USER_GUEST=dict(endpoint = url, username = "guest_user", password = "zhu88jie", repo = "busybox") USER_GUEST=dict(endpoint = url, username = "guest_user", password = "zhu88jie", repo = "busybox")
USER_TEST=dict(endpoint = url, username = "test", password = "123456") USER_TEST=dict(endpoint = url, username = "test", password = "123456")
USER_MIKE=dict(endpoint = url, username = "mike", password = "zhu88jie")
#USER001 is in group harbor_group3
self.conf.set_configurations_of_ldap(ldap_filter="", ldap_group_attribute_name="cn", ldap_group_base_dn="ou=groups,dc=example,dc=com", self.conf.set_configurations_of_ldap(ldap_filter="", ldap_group_attribute_name="cn", ldap_group_base_dn="ou=groups,dc=example,dc=com",
ldap_group_search_filter="objectclass=groupOfNames", ldap_group_search_scope=2, **ADMIN_CLIENT) ldap_group_search_filter="objectclass=groupOfNames", ldap_group_search_scope=2, **ADMIN_CLIENT)
...@@ -56,10 +57,19 @@ class TestAssignRoleToLdapGroup(unittest.TestCase): ...@@ -56,10 +57,19 @@ class TestAssignRoleToLdapGroup(unittest.TestCase):
self.project.add_project_members(project_id, member_role_id = 1, _ldap_group_dn = "cn=harbor_admin,ou=groups,dc=example,dc=com", **ADMIN_CLIENT) self.project.add_project_members(project_id, member_role_id = 1, _ldap_group_dn = "cn=harbor_admin,ou=groups,dc=example,dc=com", **ADMIN_CLIENT)
self.project.add_project_members(project_id, member_role_id = 2, _ldap_group_dn = "cn=harbor_dev,ou=groups,dc=example,dc=com", **ADMIN_CLIENT) self.project.add_project_members(project_id, member_role_id = 2, _ldap_group_dn = "cn=harbor_dev,ou=groups,dc=example,dc=com", **ADMIN_CLIENT)
self.project.add_project_members(project_id, member_role_id = 3, _ldap_group_dn = "cn=harbor_guest,ou=groups,dc=example,dc=com", **ADMIN_CLIENT) self.project.add_project_members(project_id, member_role_id = 3, _ldap_group_dn = "cn=harbor_guest,ou=groups,dc=example,dc=com", **ADMIN_CLIENT)
projects = self.project.get_projects(dict(name=project_name), **USER_ADMIN) projects = self.project.get_projects(dict(name=project_name), **USER_ADMIN)
self.assertTrue(len(projects) == 1) self.assertTrue(len(projects) == 1)
self.assertEqual(1, projects[0].current_user_role_id) self.assertEqual(1, projects[0].current_user_role_id)
#Mike has logged in harbor in previous test.
mike = self.user.get_user_by_name(USER_MIKE["username"], **ADMIN_CLIENT)
#Verify role difference in add project member feature, to distinguish between admin and dev role
self.project.add_project_members(project_id, user_id=mike.user_id, member_role_id = 3, **USER_ADMIN)
self.project.add_project_members(project_id, user_id=mike.user_id, member_role_id = 3, expect_status_code=403, **USER_DEV)
self.project.add_project_members(project_id, user_id=mike.user_id, member_role_id = 3, expect_status_code=403, **USER_GUEST)
repo_name_admin, _ = push_image_to_project(project_name, harbor_server, USER_ADMIN["username"], USER_ADMIN["password"], USER_ADMIN["repo"], "latest") repo_name_admin, _ = push_image_to_project(project_name, harbor_server, USER_ADMIN["username"], USER_ADMIN["password"], USER_ADMIN["repo"], "latest")
artifacts = self.artifact.list_artifacts(project_name, USER_ADMIN["repo"], **USER_ADMIN) artifacts = self.artifact.list_artifacts(project_name, USER_ADMIN["repo"], **USER_ADMIN)
self.assertTrue(len(artifacts) == 1) self.assertTrue(len(artifacts) == 1)
...@@ -70,7 +80,6 @@ class TestAssignRoleToLdapGroup(unittest.TestCase): ...@@ -70,7 +80,6 @@ class TestAssignRoleToLdapGroup(unittest.TestCase):
artifacts = self.artifact.list_artifacts(project_name, USER_GUEST["repo"], **USER_GUEST) artifacts = self.artifact.list_artifacts(project_name, USER_GUEST["repo"], **USER_GUEST)
self.assertTrue(len(artifacts) == 0) self.assertTrue(len(artifacts) == 0)
self.assertTrue(self.project.query_user_logs(project_name, **USER_ADMIN)>0, "admin user can see logs") self.assertTrue(self.project.query_user_logs(project_name, **USER_ADMIN)>0, "admin user can see logs")
self.assertTrue(self.project.query_user_logs(project_name, **USER_DEV)>0, "dev user can see logs") self.assertTrue(self.project.query_user_logs(project_name, **USER_DEV)>0, "dev user can see logs")
self.assertTrue(self.project.query_user_logs(project_name, **USER_GUEST)>0, "guest user can see logs") self.assertTrue(self.project.query_user_logs(project_name, **USER_GUEST)>0, "guest user can see logs")
......
...@@ -14,7 +14,7 @@ class TestLdapAdminRole(unittest.TestCase): ...@@ -14,7 +14,7 @@ class TestLdapAdminRole(unittest.TestCase):
def setUp(self): def setUp(self):
url = ADMIN_CLIENT["endpoint"] url = ADMIN_CLIENT["endpoint"]
self.conf= Configurations() self.conf= Configurations()
self.uesr = User() self.user = User()
self.project = Project() self.project = Project()
self.USER_MIKE=dict(endpoint = url, username = "mike", password = "zhu88jie") self.USER_MIKE=dict(endpoint = url, username = "mike", password = "zhu88jie")
...@@ -41,7 +41,7 @@ class TestLdapAdminRole(unittest.TestCase): ...@@ -41,7 +41,7 @@ class TestLdapAdminRole(unittest.TestCase):
TestLdapAdminRole.project_id, project_name = self.project.create_project(metadata = {"public": "false"}, **self.USER_MIKE) TestLdapAdminRole.project_id, project_name = self.project.create_project(metadata = {"public": "false"}, **self.USER_MIKE)
self.project.check_project_name_exist(name=project_name, **self.USER_MIKE) self.project.check_project_name_exist(name=project_name, **self.USER_MIKE)
_user = self.uesr.get_user_by_name(self.USER_MIKE["username"], **ADMIN_CLIENT) _user = self.user.get_user_by_name(self.USER_MIKE["username"], **ADMIN_CLIENT)
self.assertFalse(_user.sysadmin_flag) self.assertFalse(_user.sysadmin_flag)
......
...@@ -23,6 +23,18 @@ ...@@ -23,6 +23,18 @@
{ {
"branch":2, "branch":2,
"version":"1.10" "version":"1.10"
},
{
"branch":2,
"version":"2.0"
},
{
"branch":2,
"version":"2.1"
},
{
"branch":2,
"version":"2.2"
} }
], ],
"add_member":[ "add_member":[
...@@ -49,6 +61,18 @@ ...@@ -49,6 +61,18 @@
{ {
"branch":2, "branch":2,
"version":"1.10" "version":"1.10"
},
{
"branch":2,
"version":"2.0"
},
{
"branch":2,
"version":"2.1"
},
{
"branch":2,
"version":"2.2"
} }
], ],
"set_user_admin":[ "set_user_admin":[
...@@ -75,6 +99,18 @@ ...@@ -75,6 +99,18 @@
{ {
"branch":2, "branch":2,
"version":"1.10" "version":"1.10"
},
{
"branch":2,
"version":"2.0"
},
{
"branch":2,
"version":"2.1"
},
{
"branch":2,
"version":"2.2"
} }
], ],
"add_endpoint":[ "add_endpoint":[
...@@ -101,6 +137,18 @@ ...@@ -101,6 +137,18 @@
{ {
"branch":2, "branch":2,
"version":"1.10" "version":"1.10"
},
{
"branch":2,
"version":"2.0"
},
{
"branch":2,
"version":"2.1"
},
{
"branch":2,
"version":"2.2"
} }
], ],
"add_replication_rule":[ "add_replication_rule":[
...@@ -127,6 +175,18 @@ ...@@ -127,6 +175,18 @@
{ {
"branch":2, "branch":2,
"version":"1.10" "version":"1.10"
},
{
"branch":2,
"version":"2.0"
},
{
"branch":2,
"version":"2.1"
},
{
"branch":2,
"version":"2.2"
} }
], ],
"add_sys_allowlist":[ "add_sys_allowlist":[
...@@ -137,6 +197,18 @@ ...@@ -137,6 +197,18 @@
{ {
"branch":1, "branch":1,
"version":"1.10" "version":"1.10"
},
{
"branch":1,
"version":"2.0"
},
{
"branch":1,
"version":"2.1"
},
{
"branch":1,
"version":"2.2"
} }
], ],
"update_project_setting_allowlist":[ "update_project_setting_allowlist":[
...@@ -147,6 +219,18 @@ ...@@ -147,6 +219,18 @@
{ {
"branch":1, "branch":1,
"version":"1.10" "version":"1.10"
},
{
"branch":1,
"version":"2.0"
},
{
"branch":1,
"version":"2.1"
},
{
"branch":1,
"version":"2.2"
} }
], ],
"add_project_robot_account":[ "add_project_robot_account":[
...@@ -161,6 +245,18 @@ ...@@ -161,6 +245,18 @@
{ {
"branch":1, "branch":1,
"version":"1.10" "version":"1.10"
},
{
"branch":1,
"version":"2.0"
},
{
"branch":1,
"version":"2.1"
},
{
"branch":1,
"version":"2.2"
} }
], ],
"add_tag_retention_rule":[ "add_tag_retention_rule":[
...@@ -171,12 +267,36 @@ ...@@ -171,12 +267,36 @@
{ {
"branch":1, "branch":1,
"version":"1.10" "version":"1.10"
},
{
"branch":1,
"version":"2.0"
},
{
"branch":1,
"version":"2.1"
},
{
"branch":1,
"version":"2.2"
} }
], ],
"add_tag_immutability_rule":[ "add_tag_immutability_rule":[
{ {
"branch":1, "branch":1,
"version":"1.10" "version":"1.10"
},
{
"branch":1,
"version":"2.0"
},
{
"branch":1,
"version":"2.1"
},
{
"branch":1,
"version":"2.2"
} }
], ],
"add_webhook":[ "add_webhook":[
...@@ -187,6 +307,18 @@ ...@@ -187,6 +307,18 @@
{ {
"branch":1, "branch":1,
"version":"1.10" "version":"1.10"
},
{
"branch":1,
"version":"2.0"
},
{
"branch":1,
"version":"2.1"
},
{
"branch":1,
"version":"2.2"
} }
], ],
"update_interrogation_services":[ "update_interrogation_services":[
...@@ -197,6 +329,32 @@ ...@@ -197,6 +329,32 @@
{ {
"branch":1, "branch":1,
"version":"1.10" "version":"1.10"
},
{
"branch":1,
"version":"2.0"
},
{
"branch":1,
"version":"2.1"
},
{
"branch":1,
"version":"2.2"
}
],
"push_artifact":[
{
"branch":1,
"version":"2.0"
},
{
"branch":1,
"version":"2.1"
},
{
"branch":1,
"version":"2.2"
} }
] ]
} }
...@@ -403,6 +403,8 @@ class HarborAPI: ...@@ -403,6 +403,8 @@ class HarborAPI:
pass pass
open(target, 'wb').write(ca_content.encode('utf-8')) open(target, 'wb').write(ca_content.encode('utf-8'))
@get_feature_branch
def push_artifact(self, project, **kwargs):
def request(url, method, user = None, userp = None, **kwargs): def request(url, method, user = None, userp = None, **kwargs):
if user is None: if user is None:
......
Markdown is supported
0% or .
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment