diff --git a/tests/apitests/python/library/sign.py b/tests/apitests/python/library/sign.py new file mode 100644 index 000000000..cc449c537 --- /dev/null +++ b/tests/apitests/python/library/sign.py @@ -0,0 +1,10 @@ +# -*- coding: utf-8 -*- +import subprocess + +def sign_image(registry_ip, project_name, image, tag): + try: + ret = subprocess.check_output(["./tests/apitests/python/sign_image.sh", registry_ip, project_name, image, tag], shell=False) + print "sign_image return: ", ret + except subprocess.CalledProcessError, exc: + raise Exception("Failed to sign image error is {} {}.".format(exc.returncode, exc.output)) + diff --git a/tests/apitests/python/sign_image.sh b/tests/apitests/python/sign_image.sh new file mode 100755 index 000000000..00635cdab --- /dev/null +++ b/tests/apitests/python/sign_image.sh @@ -0,0 +1,20 @@ +#!/bin/sh +IP=$1 +PASSHRASE='Harbor12345' + +echo $IP + +export DOCKER_CONTENT_TRUST=1 +export DOCKER_CONTENT_TRUST_SERVER=https://$IP:4443 + +export NOTARY_ROOT_PASSPHRASE=$PASSHRASE +export NOTARY_TARGETS_PASSPHRASE=$PASSHRASE +export NOTARY_SNAPSHOT_PASSPHRASE=$PASSHRASE +export DOCKER_CONTENT_TRUST_ROOT_PASSPHRASE=$PASSHRASE +export DOCKER_CONTENT_TRUST_REPOSITORY_PASSPHRASE=$PASSHRASE +export DOCKER_CONTENT_TRUST_OFFLINE_PASSPHRASE=$PASSHRASE +export DOCKER_CONTENT_TRUST_TAGGING_PASSPHRASE=$PASSHRASE + +docker login -u admin -p Harbor12345 $IP +docker push $IP/$2/$3:$4 + diff --git a/tests/apitests/python/test_sign_image.py b/tests/apitests/python/test_sign_image.py new file mode 100644 index 000000000..6329f8404 --- /dev/null +++ b/tests/apitests/python/test_sign_image.py @@ -0,0 +1,85 @@ +from __future__ import absolute_import +import unittest + +from library.sign import sign_image +from testutils import ADMIN_CLIENT +from testutils import harbor_server +from testutils import TEARDOWN +from library.project import Project +from library.user import User +from library.repository import Repository +from library.repository import push_image_to_project + +class TestProjects(unittest.TestCase): + @classmethod + def setUp(self): + project = Project() + self.project= project + + user = User() + self.user= user + + repo = Repository() + self.repo= repo + + @classmethod + def tearDown(self): + print "Case completed" + + @unittest.skipIf(TEARDOWN == True, "Test data won't be erased.") + def test_ClearData(self): + #1. Delete repository(RA) by user(UA); + self.repo.delete_repoitory(TestProjects.repo_name, **TestProjects.USER_sign_image_CLIENT) + + #2. Delete project(PA); + self.project.delete_project(TestProjects.project_sign_image_id, **TestProjects.USER_sign_image_CLIENT) + + #3. Delete user(UA); + self.user.delete_user(TestProjects.user_sign_image_id, **ADMIN_CLIENT) + + def testSignImage(self): + """ + Test case: + Sign A Image + Test step and expected result: + 1. Create a new user(UA); + 2. Create a new private project(PA) by user(UA); + 3. Add user(UA) as a member of project(PA) with project-admin role; + 4. Get private project of user(UA), user(UA) can see only one private project which is project(PA); + 5. Create a new repository(RA) and tag(TA) in project(PA) by user(UA); + 6. Sign image with tag(TA) which was tagged by step #5; + 7. Get signature of image with tag(TA), it should be exist. + Tear down: + NA + """ + url = ADMIN_CLIENT["endpoint"] + user_001_password = "Aa123456" + + #1. Create user-001 + TestProjects.user_sign_image_id, user_sign_image_name = self.user.create_user(user_password = user_001_password, **ADMIN_CLIENT) + + TestProjects.USER_sign_image_CLIENT=dict(endpoint = url, username = user_sign_image_name, password = user_001_password) + + #2. Create a new private project(PA) by user(UA); + TestProjects.project_sign_image_id, project_sign_image_name = self.project.create_project(metadata = {"public": "false"}, **ADMIN_CLIENT) + + #3. Add user(UA) as a member of project(PA) with project-admin role; + self.project.add_project_members(TestProjects.project_sign_image_id, TestProjects.user_sign_image_id, **ADMIN_CLIENT) + + #4. Get private project of user(UA), user(UA) can see only one private project which is project(PA); + self.project.projects_should_exist(dict(public=False), expected_count = 1, + expected_project_id = TestProjects.project_sign_image_id, **TestProjects.USER_sign_image_CLIENT) + + image = "hello-world" + src_tag = "latest" + #5. Create a new repository(RA) and tag(TA) in project(PA) by user(UA); + TestProjects.repo_name, tag = push_image_to_project(project_sign_image_name, harbor_server, user_sign_image_name, user_001_password, image, src_tag) + + #6. Sign image with tag(TA) which was tagged by step #5; + sign_image(harbor_server, project_sign_image_name, image, tag) + + #7. Get signature of image with tag(TA), it should be exist. + self.repo.signature_should_exist(TestProjects.repo_name, tag, **TestProjects.USER_sign_image_CLIENT) + +if __name__ == '__main__': + unittest.main() diff --git a/tests/robot-cases/Group0-BAT/API_DB.robot b/tests/robot-cases/Group0-BAT/API_DB.robot index 3fa18eef1..e65452d82 100644 --- a/tests/robot-cases/Group0-BAT/API_DB.robot +++ b/tests/robot-cases/Group0-BAT/API_DB.robot @@ -46,4 +46,6 @@ Test Case - Assign Sys Admin Test Case - Retag Image Harbor API Test ./tests/apitests/python/test_retag.py Test Case - Robot Account - Harbor API Test ./tests/apitests/python/test_robot_account.py \ No newline at end of file + Harbor API Test ./tests/apitests/python/test_robot_account.py +Test Case - Sign A Image + Harbor API Test ./tests/apitests/python/test_sign_image.py diff --git a/tests/travis/api_common_install.sh b/tests/travis/api_common_install.sh index a700da360..f698bd534 100644 --- a/tests/travis/api_common_install.sh +++ b/tests/travis/api_common_install.sh @@ -8,7 +8,7 @@ set -e # prepare cert ... sudo sed "s/127.0.0.1/$1/" -i tests/generateCerts.sh sudo ./tests/generateCerts.sh -sudo mkdir -p /etc/docker/certs.d/$1 && sudo cp ./harbor_ca.crt /etc/docker/certs.d/$1/ +sudo mkdir -p /etc/docker/certs.d/$1 && sudo cp ./tests/harbor_ca.crt /etc/docker/certs.d/$1/ && rm -rf ~/.docker/ && mkdir -p ~/.docker/tls/$1:4443/ && sudo cp ./tests/harbor_ca.crt ~/.docker/tls/$1:4443/ sudo ./tests/hostcfg.sh