Skip to content

Commit

Permalink
add test case project level policy content trust. (#6309)
Browse files Browse the repository at this point in the history 
Add test case project level policy content trust.
Signed-off-by: danfengliu <danfengl@vmware.com>
  • Loading branch information
@danfengliu
danfengliu committed Nov 21, 2018
1 parent 88cab5b commit ad77098
Show file tree
Hide file tree
Showing 4 changed files with 130 additions and 9 deletions.
18 changes: 11 additions & 7 deletions tests/apitests/python/library/docker_api.py
View file
Original file line number Diff line number Diff line change
Expand Up @@ -19,16 +19,20 @@ def docker_login(self, registry, username, password):
except docker.errors.APIError, e:
raise Exception(r" Docker login failed, error is [{}]".format (e.message))

def docker_image_pull(self, image, tag = None):
_tag = "latest"
def docker_image_pull(self, image, tag = None, expected_error_message = None):
if tag is not None:
_tag = tag
else:
_tag = "latest"
try:
tag = base._random_name("tag")
pull_ret = base._get_string_from_unicode(self.DCLIENT.pull('{}:{}'.format(image, _tag)))
print "pull_ret:", pull_ret
except docker.errors.APIError, e:
raise Exception(r" Docker pull image {} failed, error is [{}]".format (image, e.message))
base._get_string_from_unicode(self.DCLIENT.pull(r'{}:{}'.format(image, _tag)))
except Exception, err:
if expected_error_message is not None:
print "docker image pull error:", str(err)
if str(err).lower().find(expected_error_message.lower()) < 0:
raise Exception(r"Pull image: Return message {} is not as expected {}".format(return_message, expected_error_message))
else:
raise Exception(r" Docker pull image {} failed, error is [{}]".format (image, e.message))

def docker_image_tag(self, image, harbor_registry, tag = None):
_tag = base._random_name("tag")
Expand Down
27 changes: 26 additions & 1 deletion tests/apitests/python/library/repository.py
View file
Original file line number Diff line number Diff line change
Expand Up @@ -5,12 +5,24 @@
import swagger_client
from docker_api import DockerAPI

def pull_harbor_image(registry, username, password, image, tag, expected_error_message = None):
_docker_api = DockerAPI()
_docker_api.docker_login(registry, username, password)
time.sleep(2)
_docker_api.docker_image_pull(r'{}/{}'.format(registry, image), tag = tag, expected_error_message = expected_error_message)

def pull_harbor_image_successfully(registry, username, password, image, tag):
pull_harbor_image(registry, username, password, image, tag)

def pull_harbor_image_unsuccessfully(registry, username, password, image, tag, expected_error_message):
pull_harbor_image(registry, username, password, image, tag, expected_error_message = expected_error_message)

def push_image_to_project(project_name, registry, username, password, image, tag):
_docker_api = DockerAPI()
_docker_api.docker_login(registry, username, password)
time.sleep(2)

_docker_api.docker_image_pull(image, tag)
_docker_api.docker_image_pull(image, tag = tag)
time.sleep(2)

new_harbor_registry, new_tag = _docker_api.docker_image_tag(image, r'{}/{}/{}'.format(registry, project_name, image))
Expand All @@ -20,6 +32,13 @@ def push_image_to_project(project_name, registry, username, password, image, tag

return r'{}/{}'.format(project_name, image), new_tag

def is_repo_exist_in_project(repositories, repo_name):
result = False
for reop in repositories:
if reop.name == repo_name:
return True
return result

class Repository(base.Base):

def list_tags(self, repository, **kwargs):
Expand Down Expand Up @@ -108,3 +127,9 @@ def scan_not_scanned_image_success(self, repo_name, tag, **kwargs):
self.scan_image(repo_name, tag, **kwargs)
self.check_image_scan_result(repo_name, tag, **kwargs)

def repository_should_exist(self, project_id, repo_name, **kwargs):
repositories = self.get_repository(project_id, **kwargs)
if is_repo_exist_in_project(repositories, repo_name) == False:
raise Exception("Repository {} is not exist.".format(repo_name))


90 changes: 90 additions & 0 deletions tests/apitests/python/test_project_level_policy_content_trust.py
View file
Original file line number Diff line number Diff line change
@@ -0,0 +1,90 @@
from __future__ import absolute_import

import unittest

from testutils import ADMIN_CLIENT
from testutils import harbor_server

from testutils import TEARDOWN
from library.project import Project
from library.user import User
from library.repository import Repository
from library.repository import push_image_to_project
from library.repository import pull_harbor_image_successfully
from library.repository import pull_harbor_image_unsuccessfully

class TestProjects(unittest.TestCase):
@classmethod
def setUp(self):
project = Project()
self.project= project

user = User()
self.user= user

repo = Repository()
self.repo= repo

@classmethod
def tearDown(self):
print "Case completed"

@unittest.skipIf(TEARDOWN == False, "Test data should be remain in the harbor.")
def test_ClearData(self):
#1. Delete repository(RA) by user(UA);
self.repo.delete_repoitory(TestProjects.repo_name, **TestProjects.USER_CONTENT_TRUST_CLIENT)

#2. Delete project(PA);
self.project.delete_project(TestProjects.project_content_trust_id, **TestProjects.USER_CONTENT_TRUST_CLIENT)

#3. Delete user(UA);
self.user.delete_user(TestProjects.user_content_trust_id, **ADMIN_CLIENT)

def testProjectLevelPolicyContentTrust(self):
"""
Test case:
Project Level Policy Content Trust
Test step & Expectation:
1. Create a new user(UA);
2. Create a new project(PA) by user(UA);
3. Push a new image(IA) in project(PA) by admin;
4. Image(IA) should exist;
5. Pull image(IA) successfully;
6. Enable content trust in project(PA) configuration;
7. Pull image(IA) failed and the reason is "The image is not signed in Notary".
Tear down:
1. Delete repository(RA) by user(UA);
2. Delete project(PA);
3. Delete user(UA);
"""
url = ADMIN_CLIENT["endpoint"]
admin_name = ADMIN_CLIENT["username"]
admin_password = ADMIN_CLIENT["password"]
user_content_trust_password = "Aa123456"

#1. Create a new user(UA);
TestProjects.user_content_trust_id, user_content_trust_name = self.user.create_user_success(user_password = user_content_trust_password, **ADMIN_CLIENT)

TestProjects.USER_CONTENT_TRUST_CLIENT=dict(endpoint = url, username = user_content_trust_name, password = user_content_trust_password)

#2. Create a new project(PA) by user(UA);
TestProjects.project_content_trust_id, project_content_trust_name = self.project.create_project(metadata = {"public": "false"}, **TestProjects.USER_CONTENT_TRUST_CLIENT)

#3. Push a new image(IA) in project(PA) by admin;
TestProjects.repo_name, tag = push_image_to_project(project_content_trust_name, harbor_server, admin_name, admin_password, "hello-world", "latest")

#4. Image(IA) should exist;
self.repo.image_should_exist(TestProjects.repo_name, tag, **TestProjects.USER_CONTENT_TRUST_CLIENT)

#5. Pull image(IA) successfully;
pull_harbor_image_successfully(harbor_server, admin_name, admin_password, TestProjects.repo_name, tag)

#6. Enable content trust in project(PA) configuration;
self.project.update_project(TestProjects.project_content_trust_id, metadata = {"enable_content_trust": "true"}, **TestProjects.USER_CONTENT_TRUST_CLIENT)

#7. Pull image(IA) failed and the reason is "The image is not signed in Notary".
pull_harbor_image_unsuccessfully(harbor_server, admin_name, admin_password, TestProjects.repo_name, tag, "The image is not signed in Notary")

if __name__ == '__main__':
unittest.main()

4 changes: 3 additions & 1 deletion tests/robot-cases/Group0-BAT/API_DB.robot
View file
Original file line number Diff line number Diff line change
Expand Up @@ -30,4 +30,6 @@ Test Case - Edit Project Creation
Test Case - Scan Image
Harbor API Test ./tests/apitests/python/test_scan_image.py
Test Case - Manage Project Member
Harbor API Test ./tests/apitests/python/test_manage_project_member.py
Harbor API Test ./tests/apitests/python/test_manage_project_member.py
Test Case - Project Level Policy Content Trust
Harbor API Test ./tests/apitests/python/test_project_level_policy_content_trust.py

0 comments on commit ad77098

Please sign in to comment.