diff --git a/tests/apitests/python/library/project.py b/tests/apitests/python/library/project.py index af2aeefc6..85bdb2595 100644 --- a/tests/apitests/python/library/project.py +++ b/tests/apitests/python/library/project.py @@ -189,7 +189,7 @@ class Project(base.Base): base._assert_status_code(expect_status_code, status_code) base._assert_status_code(200, status_code) - def add_project_members(self, project_id, user_id = None, member_role_id = None, _ldap_group_dn=None,expect_status_code = 201, **kwargs): + def add_project_members(self, project_id, user_id = None, member_role_id = None, _ldap_group_dn=None, expect_status_code = 201, **kwargs): kwargs['api_type'] = 'products' projectMember = swagger_client.ProjectMember() if user_id is not None: @@ -203,9 +203,13 @@ class Project(base.Base): client = self._get_client(**kwargs) data = [] - data, status_code, header = client.projects_project_id_members_post_with_http_info(project_id, project_member = projectMember) - base._assert_status_code(expect_status_code, status_code) - return base._get_id_from_header(header) + try: + data, status_code, header = client.projects_project_id_members_post_with_http_info(project_id, project_member = projectMember) + except swagger_client.rest.ApiException as e: + base._assert_status_code(expect_status_code, e.status) + else: + base._assert_status_code(expect_status_code, status_code) + return base._get_id_from_header(header) def add_project_robot_account(self, project_id, project_name, expires_at, robot_name = None, robot_desc = None, has_pull_right = True, has_push_right = True, has_chart_read_right = True, has_chart_create_right = True, expect_status_code = 201, **kwargs): kwargs['api_type'] = 'products' diff --git a/tests/apitests/python/library/user.py b/tests/apitests/python/library/user.py index 3be67cbf0..0dcc75d4d 100644 --- a/tests/apitests/python/library/user.py +++ b/tests/apitests/python/library/user.py @@ -2,11 +2,12 @@ import base import swagger_client +from swagger_client.rest import ApiException class User(base.Base): def create_user(self, name=None, - email = None, user_password=None, realname = None, role_id = None, **kwargs): + email = None, user_password=None, realname = None, role_id = None, expect_status_code=201, **kwargs): if name is None: name = base._random_name("user") if realname is None: @@ -20,13 +21,16 @@ class User(base.Base): client = self._get_client(**kwargs) user = swagger_client.User(username = name, email = email, password = user_password, realname = realname, role_id = role_id) - _, status_code, header = client.users_post_with_http_info(user) - base._assert_status_code(201, status_code) + try: + _, status_code, header = client.users_post_with_http_info(user) + except ApiException as e: + base._assert_status_code(expect_status_code, e.status) + else: + base._assert_status_code(expect_status_code, status_code) + return base._get_id_from_header(header), name - return base._get_id_from_header(header), name - - def get_users(self, user_name=None, email=None, page=None, page_size=None, **kwargs): + def get_users(self, user_name=None, email=None, page=None, page_size=None, expect_status_code=200, **kwargs): client = self._get_client(**kwargs) params={} if user_name is not None: @@ -37,9 +41,13 @@ class User(base.Base): params["page"] = page if page_size is not None: params["page_size"] = page_size - data, status_code, _ = client.users_get_with_http_info(**params) - base._assert_status_code(200, status_code) - return data + try: + data, status_code, _ = client.users_get_with_http_info(**params) + except ApiException as e: + base._assert_status_code(expect_status_code, e.status) + else: + base._assert_status_code(expect_status_code, status_code) + return data def get_user_by_id(self, user_id, **kwargs): client = self._get_client(**kwargs) @@ -47,8 +55,8 @@ class User(base.Base): base._assert_status_code(200, status_code) return data - def get_user_by_name(self, name, **kwargs): - users = self.get_users(user_name=name, **kwargs) + def get_user_by_name(self, name, expect_status_code=200, **kwargs): + users = self.get_users(user_name=name, expect_status_code=expect_status_code , **kwargs) for user in users: if user.username == name: return user diff --git a/tests/apitests/python/test_assign_role_to_ldap_group.py b/tests/apitests/python/test_assign_role_to_ldap_group.py index bd360ae0d..5eeb99349 100644 --- a/tests/apitests/python/test_assign_role_to_ldap_group.py +++ b/tests/apitests/python/test_assign_role_to_ldap_group.py @@ -10,7 +10,6 @@ from library.user import User from library.repository import Repository from library.repository import push_image_to_project from library.artifact import Artifact -from library.scan import Scan from library.scanner import Scanner from library.configurations import Configurations from library.projectV2 import ProjectV2 @@ -23,7 +22,7 @@ class TestAssignRoleToLdapGroup(unittest.TestCase): self.project = Project() self.artifact = Artifact() self.repo = Repository() - self.scan = Scan() + self.user= User() @classmethod def tearDown(self): @@ -38,17 +37,19 @@ class TestAssignRoleToLdapGroup(unittest.TestCase): 2. Create a new public project(PA) by Admin; 3. Add 3 member groups to project(PA); 4. Push image by each member role; - 5. Verfify that admin_user and dev_user can push image, guest_user can not push image; - 6. Verfify that admin_user, dev_user and guest_user can view logs, test user can not view logs. - 7. Delete repository(RA) by user(UA); - 8. Delete project(PA); + 5. Verfify that admin_user can add project member, dev_user and guest_user can not add project member; + 6. Verfify that admin_user and dev_user can push image, guest_user can not push image; + 7. Verfify that admin_user, dev_user and guest_user can view logs, test user can not view logs. + 8. Delete repository(RA) by user(UA); + 9. Delete project(PA); """ url = ADMIN_CLIENT["endpoint"] USER_ADMIN=dict(endpoint = url, username = "admin_user", password = "zhu88jie", repo = "hello-world") USER_DEV=dict(endpoint = url, username = "dev_user", password = "zhu88jie", repo = "alpine") USER_GUEST=dict(endpoint = url, username = "guest_user", password = "zhu88jie", repo = "busybox") USER_TEST=dict(endpoint = url, username = "test", password = "123456") - + USER_MIKE=dict(endpoint = url, username = "mike", password = "zhu88jie") + #USER001 is in group harbor_group3 self.conf.set_configurations_of_ldap(ldap_filter="", ldap_group_attribute_name="cn", ldap_group_base_dn="ou=groups,dc=example,dc=com", ldap_group_search_filter="objectclass=groupOfNames", ldap_group_search_scope=2, **ADMIN_CLIENT) @@ -56,10 +57,19 @@ class TestAssignRoleToLdapGroup(unittest.TestCase): self.project.add_project_members(project_id, member_role_id = 1, _ldap_group_dn = "cn=harbor_admin,ou=groups,dc=example,dc=com", **ADMIN_CLIENT) self.project.add_project_members(project_id, member_role_id = 2, _ldap_group_dn = "cn=harbor_dev,ou=groups,dc=example,dc=com", **ADMIN_CLIENT) self.project.add_project_members(project_id, member_role_id = 3, _ldap_group_dn = "cn=harbor_guest,ou=groups,dc=example,dc=com", **ADMIN_CLIENT) + projects = self.project.get_projects(dict(name=project_name), **USER_ADMIN) self.assertTrue(len(projects) == 1) self.assertEqual(1, projects[0].current_user_role_id) + #Mike has logged in harbor in previous test. + mike = self.user.get_user_by_name(USER_MIKE["username"], **ADMIN_CLIENT) + + #Verify role difference in add project member feature, to distinguish between admin and dev role + self.project.add_project_members(project_id, user_id=mike.user_id, member_role_id = 3, **USER_ADMIN) + self.project.add_project_members(project_id, user_id=mike.user_id, member_role_id = 3, expect_status_code=403, **USER_DEV) + self.project.add_project_members(project_id, user_id=mike.user_id, member_role_id = 3, expect_status_code=403, **USER_GUEST) + repo_name_admin, _ = push_image_to_project(project_name, harbor_server, USER_ADMIN["username"], USER_ADMIN["password"], USER_ADMIN["repo"], "latest") artifacts = self.artifact.list_artifacts(project_name, USER_ADMIN["repo"], **USER_ADMIN) self.assertTrue(len(artifacts) == 1) @@ -70,7 +80,6 @@ class TestAssignRoleToLdapGroup(unittest.TestCase): artifacts = self.artifact.list_artifacts(project_name, USER_GUEST["repo"], **USER_GUEST) self.assertTrue(len(artifacts) == 0) - self.assertTrue(self.project.query_user_logs(project_name, **USER_ADMIN)>0, "admin user can see logs") self.assertTrue(self.project.query_user_logs(project_name, **USER_DEV)>0, "dev user can see logs") self.assertTrue(self.project.query_user_logs(project_name, **USER_GUEST)>0, "guest user can see logs") diff --git a/tests/apitests/python/test_ldap_admin_role.py b/tests/apitests/python/test_ldap_admin_role.py index f1ad2a4d9..0da435803 100644 --- a/tests/apitests/python/test_ldap_admin_role.py +++ b/tests/apitests/python/test_ldap_admin_role.py @@ -14,7 +14,7 @@ class TestLdapAdminRole(unittest.TestCase): def setUp(self): url = ADMIN_CLIENT["endpoint"] self.conf= Configurations() - self.uesr = User() + self.user = User() self.project = Project() self.USER_MIKE=dict(endpoint = url, username = "mike", password = "zhu88jie") @@ -41,7 +41,7 @@ class TestLdapAdminRole(unittest.TestCase): TestLdapAdminRole.project_id, project_name = self.project.create_project(metadata = {"public": "false"}, **self.USER_MIKE) self.project.check_project_name_exist(name=project_name, **self.USER_MIKE) - _user = self.uesr.get_user_by_name(self.USER_MIKE["username"], **ADMIN_CLIENT) + _user = self.user.get_user_by_name(self.USER_MIKE["username"], **ADMIN_CLIENT) self.assertFalse(_user.sysadmin_flag) diff --git a/tests/robot-cases/Group3-Upgrade/feature_map.json b/tests/robot-cases/Group3-Upgrade/feature_map.json index 2a779fe52..c841e5143 100644 --- a/tests/robot-cases/Group3-Upgrade/feature_map.json +++ b/tests/robot-cases/Group3-Upgrade/feature_map.json @@ -23,6 +23,18 @@ { "branch":2, "version":"1.10" + }, + { + "branch":2, + "version":"2.0" + }, + { + "branch":2, + "version":"2.1" + }, + { + "branch":2, + "version":"2.2" } ], "add_member":[ @@ -49,6 +61,18 @@ { "branch":2, "version":"1.10" + }, + { + "branch":2, + "version":"2.0" + }, + { + "branch":2, + "version":"2.1" + }, + { + "branch":2, + "version":"2.2" } ], "set_user_admin":[ @@ -75,6 +99,18 @@ { "branch":2, "version":"1.10" + }, + { + "branch":2, + "version":"2.0" + }, + { + "branch":2, + "version":"2.1" + }, + { + "branch":2, + "version":"2.2" } ], "add_endpoint":[ @@ -101,6 +137,18 @@ { "branch":2, "version":"1.10" + }, + { + "branch":2, + "version":"2.0" + }, + { + "branch":2, + "version":"2.1" + }, + { + "branch":2, + "version":"2.2" } ], "add_replication_rule":[ @@ -127,6 +175,18 @@ { "branch":2, "version":"1.10" + }, + { + "branch":2, + "version":"2.0" + }, + { + "branch":2, + "version":"2.1" + }, + { + "branch":2, + "version":"2.2" } ], "add_sys_allowlist":[ @@ -137,6 +197,18 @@ { "branch":1, "version":"1.10" + }, + { + "branch":1, + "version":"2.0" + }, + { + "branch":1, + "version":"2.1" + }, + { + "branch":1, + "version":"2.2" } ], "update_project_setting_allowlist":[ @@ -147,6 +219,18 @@ { "branch":1, "version":"1.10" + }, + { + "branch":1, + "version":"2.0" + }, + { + "branch":1, + "version":"2.1" + }, + { + "branch":1, + "version":"2.2" } ], "add_project_robot_account":[ @@ -161,6 +245,18 @@ { "branch":1, "version":"1.10" + }, + { + "branch":1, + "version":"2.0" + }, + { + "branch":1, + "version":"2.1" + }, + { + "branch":1, + "version":"2.2" } ], "add_tag_retention_rule":[ @@ -171,12 +267,36 @@ { "branch":1, "version":"1.10" + }, + { + "branch":1, + "version":"2.0" + }, + { + "branch":1, + "version":"2.1" + }, + { + "branch":1, + "version":"2.2" } ], "add_tag_immutability_rule":[ { "branch":1, "version":"1.10" + }, + { + "branch":1, + "version":"2.0" + }, + { + "branch":1, + "version":"2.1" + }, + { + "branch":1, + "version":"2.2" } ], "add_webhook":[ @@ -187,6 +307,18 @@ { "branch":1, "version":"1.10" + }, + { + "branch":1, + "version":"2.0" + }, + { + "branch":1, + "version":"2.1" + }, + { + "branch":1, + "version":"2.2" } ], "update_interrogation_services":[ @@ -197,6 +329,32 @@ { "branch":1, "version":"1.10" + }, + { + "branch":1, + "version":"2.0" + }, + { + "branch":1, + "version":"2.1" + }, + { + "branch":1, + "version":"2.2" + } + ], + "push_artifact":[ + { + "branch":1, + "version":"2.0" + }, + { + "branch":1, + "version":"2.1" + }, + { + "branch":1, + "version":"2.2" } ] } diff --git a/tests/robot-cases/Group3-Upgrade/prepare.py b/tests/robot-cases/Group3-Upgrade/prepare.py index cea96d534..2558218b0 100644 --- a/tests/robot-cases/Group3-Upgrade/prepare.py +++ b/tests/robot-cases/Group3-Upgrade/prepare.py @@ -403,6 +403,8 @@ class HarborAPI: pass open(target, 'wb').write(ca_content.encode('utf-8')) + @get_feature_branch + def push_artifact(self, project, **kwargs): def request(url, method, user = None, userp = None, **kwargs): if user is None: