From 09d1f8e9fcffca6fe581cbab3c6f6eabfe780ee7 Mon Sep 17 00:00:00 2001 From: Shengwen YU Date: Fri, 2 Feb 2024 14:07:30 +0800 Subject: [PATCH 1/3] fix: cve export label filter xpath (#19931) Signed-off-by: Shengwen Yu --- tests/resources/Harbor-Pages/Project.robot | 2 +- tests/resources/Harbor-Pages/SecurityHub.robot | 9 +++++++++ tests/resources/Harbor-Pages/SecurityHub_Elements.robot | 1 + 3 files changed, 11 insertions(+), 1 deletion(-) diff --git a/tests/resources/Harbor-Pages/Project.robot b/tests/resources/Harbor-Pages/Project.robot index adedc655b91..4d469f25801 100644 --- a/tests/resources/Harbor-Pages/Project.robot +++ b/tests/resources/Harbor-Pages/Project.robot @@ -421,7 +421,7 @@ Export CVEs Retry Button Click ${export_cve_btn} Retry Text Input ${export_cve_filter_repo_input} ${repositories} Retry Text Input ${export_cve_filter_tag_input} ${tags} - Select Filter Label @{labels} + Select Filter Label For CVE Export @{labels} Retry Text Input ${export_cve_filter_cveid_input} ${cve_ids} Retry Double Keywords When Error Retry Button Click ${export_btn} Retry Wait Until Page Contains Trigger exporting CVEs successfully! diff --git a/tests/resources/Harbor-Pages/SecurityHub.robot b/tests/resources/Harbor-Pages/SecurityHub.robot index a0b2932840f..16366fc2a07 100644 --- a/tests/resources/Harbor-Pages/SecurityHub.robot +++ b/tests/resources/Harbor-Pages/SecurityHub.robot @@ -273,3 +273,12 @@ Check The Quick Search Should Be Equal As Strings ${cve_input_value} ${cve} ${row_count}= Get Element Count ${vulnerabilities_datagrid_row} Retry Wait Element Count //div[@class='datagrid']//clr-dg-cell[1]//a[text()='${cve}'] ${row_count} + +Select Filter Label For CVE Export + [Arguments] @{labels} + Retry Element Click ${vulnerabilities_filter_label_xpath} + FOR ${label} IN @{labels} + Log ${label} + Retry Element Click //hbr-label-piece//span[contains(text(), '${label}')] + END + Retry Element Click ${vulnerabilities_filter_label_xpath} diff --git a/tests/resources/Harbor-Pages/SecurityHub_Elements.robot b/tests/resources/Harbor-Pages/SecurityHub_Elements.robot index 1056784221b..ade73bc6f8e 100644 --- a/tests/resources/Harbor-Pages/SecurityHub_Elements.robot +++ b/tests/resources/Harbor-Pages/SecurityHub_Elements.robot @@ -28,3 +28,4 @@ ${vulnerabilities_count_xpath} //clr-dg-footer//div[contains(@class,'datagrid-f ${vulnerabilities_filter_select} (//form//div[@class='clr-select-wrapper']//select) ${vulnerabilities_filter_input} (//form[contains(@class,'clr-form')]//input) ${vulnerabilities_datagrid_row} //clr-datagrid//clr-dg-row +${vulnerabilities_filter_label_xpath} //form//clr-dropdown[contains(@class,'dropdown')] From fb1e82854742d74b7ef035fe022b96d6f1ec9652 Mon Sep 17 00:00:00 2001 From: Shengwen YU Date: Fri, 2 Feb 2024 14:20:40 +0800 Subject: [PATCH 2/3] add UI test for project quota sorting (#19935) Signed-off-by: Shengwen Yu --- .../Administration-Project-Quotas.robot | 35 +++++++++++++++++++ ...ministration-Project-Quotas_Elements.robot | 20 +++++++++++ tests/resources/Util.robot | 2 ++ .../Group1-Nightly/Common_GC.robot | 19 ++++++++++ 4 files changed, 76 insertions(+) create mode 100644 tests/resources/Harbor-Pages/Administration-Project-Quotas.robot create mode 100644 tests/resources/Harbor-Pages/Administration-Project-Quotas_Elements.robot diff --git a/tests/resources/Harbor-Pages/Administration-Project-Quotas.robot b/tests/resources/Harbor-Pages/Administration-Project-Quotas.robot new file mode 100644 index 00000000000..a7a515c8be3 --- /dev/null +++ b/tests/resources/Harbor-Pages/Administration-Project-Quotas.robot @@ -0,0 +1,35 @@ +# Copyright Project Harbor Authors +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License + +*** Settings *** +Documentation This resource provides any keywords related to the Harbor private registry appliance +Resource ../../resources/Util.robot + +*** Variables *** + +*** Keywords *** +Switch to Project Quotas Tag + Retry Element Click xpath=${administration_project_quotas_tag_xpath} + Sleep 1 + +Check Project Quota Sorting + [Arguments] ${proj1} ${proj2} + # check project quota sorting in ascending order + Retry Element Click xpath=${sort_used_storage_button} + Retry Wait Element Visible //div[@class='datagrid-table']//clr-dg-row[2]//clr-dg-cell[1]//a[contains(text(), '${proj1}')] + Retry Wait Element Visible //div[@class='datagrid-table']//clr-dg-row[3]//clr-dg-cell[1]//a[contains(text(), '${proj2}')] + # check project quota sorting in descending order + Retry Element Click xpath=${sort_used_storage_button} + Retry Wait Element Visible //div[@class='datagrid-table']//clr-dg-row[1]//clr-dg-cell[1]//a[contains(text(), '${proj2}')] + Retry Wait Element Visible //div[@class='datagrid-table']//clr-dg-row[2]//clr-dg-cell[1]//a[contains(text(), '${proj1}')] diff --git a/tests/resources/Harbor-Pages/Administration-Project-Quotas_Elements.robot b/tests/resources/Harbor-Pages/Administration-Project-Quotas_Elements.robot new file mode 100644 index 00000000000..b73926f78c8 --- /dev/null +++ b/tests/resources/Harbor-Pages/Administration-Project-Quotas_Elements.robot @@ -0,0 +1,20 @@ +# Copyright Project Harbor Authors +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License + +*** Settings *** +Documentation This resource provides any keywords related to the Harbor private registry appliance + +*** Variables *** +${administration_project_quotas_tag_xpath} //clr-vertical-nav-group-children/a[contains(.,'Project Quotas')] +${sort_used_storage_button} //div[@class='datagrid-table']//div[@class='datagrid-header']//button[normalize-space()='Storage'] \ No newline at end of file diff --git a/tests/resources/Util.robot b/tests/resources/Util.robot index b368e9dbbe0..54972975c4c 100644 --- a/tests/resources/Util.robot +++ b/tests/resources/Util.robot @@ -50,6 +50,8 @@ Resource Harbor-Pages/Replication.robot Resource Harbor-Pages/Replication_Elements.robot Resource Harbor-Pages/UserProfile.robot Resource Harbor-Pages/UserProfile_Elements.robot +Resource Harbor-Pages/Administration-Project-Quotas.robot +Resource Harbor-Pages/Administration-Project-Quotas_Elements.robot Resource Harbor-Pages/Administration-Users.robot Resource Harbor-Pages/Administration-Users_Elements.robot Resource Harbor-Pages/GC.robot diff --git a/tests/robot-cases/Group1-Nightly/Common_GC.robot b/tests/robot-cases/Group1-Nightly/Common_GC.robot index 53befb63f61..f1fae64422b 100644 --- a/tests/robot-cases/Group1-Nightly/Common_GC.robot +++ b/tests/robot-cases/Group1-Nightly/Common_GC.robot @@ -23,6 +23,25 @@ ${SSH_USER} root ${HARBOR_ADMIN} admin *** Test Cases *** +Test Case - Project Quota Sorting + [Tags] project_quota_sorting + Init Chrome Driver + Sign In Harbor ${HARBOR_URL} ${HARBOR_ADMIN} ${HARBOR_PASSWORD} + ${d1}= Get Current Date result_format=%m%s + Create An New Project And Go Into Project project${d1} + Push Image With Tag ${ip} ${HARBOR_ADMIN} ${HARBOR_PASSWORD} project${d1} alpine 2.6 2.6 + ${d2}= Get Current Date result_format=%m%s + Create An New Project And Go Into Project project${d2} + Push Image With Tag ${ip} ${HARBOR_ADMIN} ${HARBOR_PASSWORD} project${d2} photon 2.0 2.0 + Switch to Project Quotas Tag + Check Project Quota Sorting project${d1} project${d2} + Go Into Project project${d1} + Delete Repo project${d1} alpine + Go Into Project project${d2} + Delete Repo project${d2} photon + GC Now + Close Browser + Test Case - Garbage Collection Init Chrome Driver ${d}= Get Current Date result_format=%m%s From a3e1b1eb7983ea9897fcbb999bec1a10c053849d Mon Sep 17 00:00:00 2001 From: MinerYang Date: Fri, 2 Feb 2024 18:15:25 +0800 Subject: [PATCH 3/3] add ip_family config in harbor.yml (#19934) add ipFamily config in values.yaml Signed-off-by: yminer update name update prepare and migration update comments Signed-off-by: yminer remove print msg update migrate template update default value update migrating template --- make/harbor.yml.tmpl | 10 +++++++++ .../version_2_10_0/harbor.yml.jinja | 22 +++++++++++++++++++ .../migrations/version_2_9_0/harbor.yml.jinja | 22 +++++++++++++++++++ .../templates/nginx/nginx.https.conf.jinja | 4 ++++ .../prepare/templates/portal/nginx.conf.jinja | 5 +++++ make/photon/prepare/utils/configs.py | 3 +++ make/photon/prepare/utils/nginx.py | 3 ++- make/photon/prepare/utils/portal.py | 1 + 8 files changed, 69 insertions(+), 1 deletion(-) diff --git a/make/harbor.yml.tmpl b/make/harbor.yml.tmpl index 19f1c17ec3d..763855fd2d8 100644 --- a/make/harbor.yml.tmpl +++ b/make/harbor.yml.tmpl @@ -17,6 +17,16 @@ https: certificate: /your/certificate/path private_key: /your/private/key/path +# # Harbor will set ipv4 enabled only by defualt if this block is not configured +# # Otherwise, please uncomment this block to configure your own ip_family stacks +# ip_family: +# # ipv6Enabled set to true if ipv6 is enabled in docker network, currently it affected the nginx related component +# ipv6: +# enabled: false +# # ipv4Enabled set to true by default, currently it affected the nginx related component +# ipv4: +# enabled: true + # # Uncomment following will enable tls communication between all harbor components # internal_tls: # # set enabled to true means internal tls is enabled diff --git a/make/photon/prepare/migrations/version_2_10_0/harbor.yml.jinja b/make/photon/prepare/migrations/version_2_10_0/harbor.yml.jinja index 44a46968ff9..23e25dcb341 100644 --- a/make/photon/prepare/migrations/version_2_10_0/harbor.yml.jinja +++ b/make/photon/prepare/migrations/version_2_10_0/harbor.yml.jinja @@ -33,6 +33,28 @@ https: # private_key: /your/private/key/path {% endif %} +{% if ip_family is defined %} +# # Harbor will set ipv4 enabled only by defualt if this block is not configured +# # Otherwise, please uncomment this block to configure your own ip_family stacks +ip_family: + # ipv6Enabled set to true if ipv6 is enabled in docker network, currently it affected the nginx related component + ipv6: + enabled: {{ ip_family.ipv6.enabled | lower }} + # ipv4Enabled set to true by default, currently it affected the nginx related component + ipv4: + enabled: {{ ip_family.ipv4.enabled | lower }} +{% else %} +# # Harbor will set ipv4 enabled only by defualt if this block is not configured +# # Otherwise, please uncomment this block to configure your own ip_family stacks +ip_family: + # ipv6Enabled set to true if ipv6 is enabled in docker network, currently it affected the nginx related component + ipv6: + enabled: false + # ipv4Enabled set to true by default, currently it affected the nginx related component + ipv4: + enabled: true +{% endif %} + {% if internal_tls is defined %} # Uncomment following will enable tls communication between all harbor components internal_tls: diff --git a/make/photon/prepare/migrations/version_2_9_0/harbor.yml.jinja b/make/photon/prepare/migrations/version_2_9_0/harbor.yml.jinja index 1ab5ee9067a..2c429365add 100644 --- a/make/photon/prepare/migrations/version_2_9_0/harbor.yml.jinja +++ b/make/photon/prepare/migrations/version_2_9_0/harbor.yml.jinja @@ -33,6 +33,28 @@ https: # private_key: /your/private/key/path {% endif %} +{% if ip_family is defined %} +# # Harbor will set ipv4 enabled only by defualt if this block is not configured +# # Otherwise, please uncomment this block to configure your own ip_family stacks +ip_family: + # ipv6Enabled set to true if ipv6 is enabled in docker network, currently it affected the nginx related component + ipv6: + enabled: {{ ip_family.ipv6.enabled | lower }} + # ipv4Enabled set to true by default, currently it affected the nginx related component + ipv4: + enabled: {{ ip_family.ipv4.enabled | lower }} +{% else %} +# # Harbor will set ipv4 enabled only by defualt if this block is not configured +# # Otherwise, please uncomment this block to configure your own ip_family stacks +ip_family: + # ipv6Enabled set to true if ipv6 is enabled in docker network, currently it affected the nginx related component + ipv6: + enabled: false + # ipv4Enabled set to true by default, currently it affected the nginx related component + ipv4: + enabled: true +{% endif %} + {% if internal_tls is defined %} # Uncomment following will enable tls communication between all harbor components internal_tls: diff --git a/make/photon/prepare/templates/nginx/nginx.https.conf.jinja b/make/photon/prepare/templates/nginx/nginx.https.conf.jinja index 4c62ae79a9c..a5d0d803737 100644 --- a/make/photon/prepare/templates/nginx/nginx.https.conf.jinja +++ b/make/photon/prepare/templates/nginx/nginx.https.conf.jinja @@ -50,8 +50,12 @@ http { include /etc/nginx/conf.d/*.server.conf; server { + {% if ip_family.ipv4.enabled %} listen 8443 ssl; + {% endif %} + {% if ip_family.ipv6.enabled %} listen [::]:8443 ssl; + {% endif %} # server_name harbordomain.com; server_tokens off; # SSL diff --git a/make/photon/prepare/templates/portal/nginx.conf.jinja b/make/photon/prepare/templates/portal/nginx.conf.jinja index 01de758fe06..3f17e71763c 100644 --- a/make/photon/prepare/templates/portal/nginx.conf.jinja +++ b/make/photon/prepare/templates/portal/nginx.conf.jinja @@ -16,8 +16,13 @@ http { server { {% if internal_tls.enabled %} + #ip_family + {% if ip_family.ipv4.enabled %} listen 8443 ssl; + {% endif %} + {% if ip_family.ipv6.enabled %} listen [::]:8443 ssl; + {% endif %} # SSL ssl_certificate /etc/harbor/tls/portal.crt; ssl_certificate_key /etc/harbor/tls/portal.key; diff --git a/make/photon/prepare/utils/configs.py b/make/photon/prepare/utils/configs.py index bb302493532..f47ff4c4054 100644 --- a/make/photon/prepare/utils/configs.py +++ b/make/photon/prepare/utils/configs.py @@ -298,6 +298,9 @@ def parse_yaml_config(config_file_path, with_trivy): external_database=config_dict['external_database']) else: config_dict['internal_tls'] = InternalTLS() + + # ip_family config + config_dict['ip_family'] = configs.get('ip_family') or {'ipv4': {'enabled': True}, 'ipv6': {'enabled': False}} # metric configs metric_config = configs.get('metric') diff --git a/make/photon/prepare/utils/nginx.py b/make/photon/prepare/utils/nginx.py index 54d4305d41b..0b1ffb8a456 100644 --- a/make/photon/prepare/utils/nginx.py +++ b/make/photon/prepare/utils/nginx.py @@ -63,7 +63,8 @@ def render_nginx_template(config_dict): ssl_cert=SSL_CERT_PATH, ssl_cert_key=SSL_CERT_KEY_PATH, internal_tls=config_dict['internal_tls'], - metric=config_dict['metric']) + metric=config_dict['metric'], + ip_family=config_dict['ip_family']) location_file_pattern = CUSTOM_NGINX_LOCATION_FILE_PATTERN_HTTPS else: diff --git a/make/photon/prepare/utils/portal.py b/make/photon/prepare/utils/portal.py index a2524827b08..d41de1264f8 100644 --- a/make/photon/prepare/utils/portal.py +++ b/make/photon/prepare/utils/portal.py @@ -14,5 +14,6 @@ def prepare_portal(config_dict): str(portal_conf_template_path), portal_conf, internal_tls=config_dict['internal_tls'], + ip_family=config_dict['ip_family'], uid=DEFAULT_UID, gid=DEFAULT_GID)