chemlab 0.0.1 → 0.1.0

data/qa/specs/features/ee/browser_ui/1_manage/group/group_audit_logs_2_spec.rb

@@ -1,103 +0,0 @@
-# frozen_string_literal: true
-require 'securerandom'
-
-module QA
-  context 'Manage' do
-    shared_examples 'audit event' do |expected_events|
-      it 'logs audit events for UI operations' do
-        Page::Group::Menu.perform(&:go_to_audit_events_settings)
-        expected_events.each do |expected_event|
-          expect(page).to have_text(expected_event)
-        end
-      end
-    end
-
-    describe 'Group' do
-      before(:all) do
-        @group = Resource::Group.fabricate_via_api! do |resource|
-          resource.path = "test-group-#{SecureRandom.hex(8)}"
-        end
-      end
-
-      # Bug issue: https://gitlab.com/gitlab-org/gitlab/issues/14756
-      context 'Disable and Enable LFS', :skip do
-        before do
-          sign_in
-          @group.visit!
-          Page::Group::Menu.perform(&:click_group_general_settings_item)
-          Page::Group::Settings::General.perform(&:set_lfs_disabled)
-
-          Page::Group::Menu.perform(&:click_group_general_settings_item)
-          Page::Group::Settings::General.perform(&:set_lfs_enabled)
-        end
-
-        it_behaves_like 'audit event', ["Change lfs enabled from false to true", "Change lfs enabled from true to false"]
-      end
-
-      context 'Enable and disable LFS' do
-        before do
-          sign_in
-          @group.visit!
-          Page::Group::Menu.perform(&:click_group_general_settings_item)
-          Page::Group::Settings::General.perform(&:set_membership_lock_enabled)
-
-          Page::Group::Menu.perform(&:click_group_general_settings_item)
-          Page::Group::Settings::General.perform(&:set_membership_lock_disabled)
-        end
-
-        it_behaves_like 'audit event', ["Change membership lock from true to false", "Change membership lock from false to true"]
-      end
-
-      context 'Enable and disable allow user request access' do
-        before do
-          sign_in
-          @group.visit!
-          Page::Group::Menu.perform(&:click_group_general_settings_item)
-          Page::Group::Settings::General.perform(&:toggle_request_access)
-
-          Page::Group::Menu.perform(&:click_group_general_settings_item)
-          Page::Group::Settings::General.perform(&:toggle_request_access)
-        end
-
-        it_behaves_like 'audit event', ["Change request access enabled from true to false", "Change request access enabled from false to true"]
-      end
-
-      # Bug issue: https://gitlab.com/gitlab-org/gitlab/issues/31764
-      context 'Enable and disable 2FA requirement', :skip do
-        before do
-          sign_in
-          @group.visit!
-          Page::Group::Menu.perform(&:click_group_general_settings_item)
-          Page::Group::Settings::General.perform(&:set_require_2fa_enabled)
-          Page::Profile::TwoFactorAuth.perform(&:click_configure_it_later_button)
-
-          @group.visit!
-          Page::Group::Menu.perform(&:click_group_general_settings_item)
-          Page::Group::Settings::General.perform(&:set_require_2fa_disabled)
-        end
-
-        it_behaves_like 'audit event', ["Change require two factor authentication from true to false", "Change require two factor authentication from false to true"]
-      end
-
-      context 'Change project creation level' do
-        before do
-          sign_in
-          @group.visit!
-          Page::Group::Menu.perform(&:click_group_general_settings_item)
-          Page::Group::Settings::General.perform do |settings|
-            settings.set_project_creation_level("Maintainers")
-          end
-        end
-
-        it_behaves_like 'audit event', ["Change project creation level"]
-      end
-    end
-
-    def sign_in
-      unless Page::Main::Menu.perform { |p| p.has_personal_area?(wait: 0) }
-        Runtime::Browser.visit(:gitlab, Page::Main::Login)
-        Page::Main::Login.perform(&:sign_in_using_credentials)
-      end
-    end
-  end
-end

data/qa/specs/features/ee/browser_ui/1_manage/group/group_file_template_spec.rb

@@ -1,141 +0,0 @@
-# frozen_string_literal: true
-
-module QA
-  context 'Manage' do
-    describe 'Group file templates', :requires_admin do
-      include Support::Api
-
-      templates = [
-        {
-          type: 'Dockerfile',
-          template: 'custom_dockerfile',
-          file_path: 'Dockerfile/custom_dockerfile.dockerfile',
-          content: 'dockerfile template test'
-        },
-        {
-          type: '.gitignore',
-          template: 'custom_gitignore',
-          file_path: 'gitignore/custom_gitignore.gitignore',
-          content: 'gitignore template test'
-        },
-        {
-          type: '.gitlab-ci.yml',
-          template: 'custom_gitlab-ci',
-          file_path: 'gitlab-ci/custom_gitlab-ci.yml',
-          content:
-            <<~CI
-              job:
-                script: echo "Skipped"
-                except:
-                  - master
-            CI
-        },
-        {
-          type: 'LICENSE',
-          template: 'custom_license',
-          file_path: 'LICENSE/custom_license.txt',
-          content: 'license template test'
-        }
-      ]
-
-      before(:all) do
-        admin = QA::Resource::User.new.tap do |user|
-          user.username = QA::Runtime::User.admin_username
-          user.password = QA::Runtime::User.admin_password
-        end
-        @api_client = Runtime::API::Client.new(:gitlab, user: admin)
-        @api_client.personal_access_token
-
-        @group = Resource::Group.fabricate_via_api! do |group|
-          group.path = 'template-group'
-          group.user = admin
-          group.api_client = @api_client
-        end
-
-        @file_template_project = Resource::Project.fabricate_via_api! do |project|
-          project.group = @group
-          project.name = 'group-file-template-project'
-          project.description = 'Add group file templates'
-          project.auto_devops_enabled = false
-          project.initialize_with_readme = true
-          project.user = admin
-          project.api_client = @api_client
-        end
-
-        Resource::Repository::Commit.fabricate_via_api! do |commit|
-          commit.project = @file_template_project
-          commit.commit_message = 'Add group file templates'
-          commit.add_files(templates)
-          commit.user = admin
-          commit.api_client = @api_client
-        end
-
-        @project = Resource::Project.fabricate_via_api! do |project|
-          project.group = @group
-          project.name = 'group-file-template-project-2'
-          project.description = 'Add files for group file templates'
-          project.auto_devops_enabled = false
-          project.initialize_with_readme = true
-          project.user = admin
-          project.api_client = @api_client
-        end
-      end
-
-      after(:all) do
-        Flow::Login.while_signed_in_as_admin do
-          remove_group_file_template_if_set
-        end
-      end
-
-      templates.each do |template|
-        it "creates file via custom #{template[:type]} file template" do
-          Flow::Login.sign_in_as_admin
-
-          set_file_template_if_not_already_set
-
-          @project.visit!
-
-          Page::Project::Show.perform(&:create_new_file!)
-          Page::File::Form.perform do |form|
-            form.select_template template[:type], template[:template]
-
-            expect(form).to have_normalized_ws_text(template[:content])
-
-            form.commit_changes
-            form.finished_loading?
-
-            aggregate_failures "indications of file created" do
-              expect(form).to have_content('The file has been successfully created.')
-              expect(form).to have_content(template[:type])
-              expect(form).to have_content('Add new file')
-              expect(form).to have_normalized_ws_text(template[:content].chomp)
-            end
-          end
-        end
-      end
-
-      def set_file_template_if_not_already_set
-        response = get Runtime::API::Request.new(@api_client, "/groups/#{@group.id}").url
-
-        if parse_body(response)[:file_template_project_id]
-          return
-        else
-          @group.visit!
-          Page::Group::Menu.perform(&:click_group_general_settings_item)
-
-          Page::Group::Settings::General.perform do |general|
-            general.choose_file_template_repository(@file_template_project.name)
-          end
-        end
-      end
-
-      def remove_group_file_template_if_set
-        response = get Runtime::API::Request.new(@api_client, "/groups/#{@group.id}").url
-
-        if parse_body(response)[:file_template_project_id]
-          put Runtime::API::Request.new(@api_client, "/groups/#{@group.id}").url, { file_template_project_id: nil }
-        end
-      end
-    end
-  end
-end

data/qa/specs/features/ee/browser_ui/1_manage/group/group_ldap_sync_spec.rb

@@ -1,183 +0,0 @@
-# frozen_string_literal: true
-
-module QA
-  context 'Manage', :orchestrated, :ldap_tls, :ldap_no_tls, :requires_admin do
-    describe 'LDAP Group sync' do
-      include Support::Api
-
-      before(:all) do
-        # Create the sandbox group as the LDAP user. Without this the admin user
-        # would own the sandbox group and then in subsequent tests the LDAP user
-        # would not have enough permission to push etc.
-        Resource::Sandbox.fabricate_via_api!
-
-        # Create an admin personal access token and use it for the remaining API calls
-        @original_personal_access_token = Runtime::Env.personal_access_token
-
-        Page::Main::Menu.perform do |menu|
-          menu.sign_out if menu.has_personal_area?
-        end
-
-        Runtime::Browser.visit(:gitlab, Page::Main::Login)
-        Page::Main::Login.perform(&:sign_in_using_admin_credentials)
-
-        Runtime::Env.personal_access_token = Resource::PersonalAccessToken.fabricate!.access_token
-        Page::Main::Menu.perform(&:sign_out)
-      end
-
-      after(:all) do
-        # Restore the original personal access token so that subsequent tests
-        # don't perform API calls as an admin user while logged in as a non-root
-        # LDAP user
-        Runtime::Env.personal_access_token = @original_personal_access_token
-      end
-
-      context 'using group cn method' do
-        let(:ldap_users) do
-          [
-            {
-              name: 'ENG User 1',
-              username: 'enguser1',
-              email: 'enguser1@example.org',
-              provider: 'ldapmain',
-              extern_uid: 'uid=enguser1,ou=people,ou=global groups,dc=example,dc=org'
-            },
-            {
-              name: 'ENG User 2',
-              username: 'enguser2',
-              email: 'enguser2@example.org',
-              provider: 'ldapmain',
-              extern_uid: 'uid=enguser2,ou=people,ou=global groups,dc=example,dc=org'
-            },
-            {
-              name: 'ENG User 3',
-              username: 'enguser3',
-              email: 'enguser3@example.org',
-              provider: 'ldapmain',
-              extern_uid: 'uid=enguser3,ou=people,ou=global groups,dc=example,dc=org'
-            }
-          ]
-        end
-        let(:owner_user) { 'enguser1' }
-        let(:sync_users) { ['ENG User 2', 'ENG User 3'] }
-
-        before do
-          @created_users = create_users_via_api(ldap_users)
-          group = create_group_and_add_user_via_api(owner_user, 'Synched-engineering-group', Resource::Members::AccessLevel::OWNER)
-          signin_and_visit_group_as_user(owner_user, group)
-
-          Page::Group::Menu.perform(&:go_to_ldap_sync_settings)
-
-          EE::Page::Group::Settings::LDAPSync.perform do |settings|
-            settings.set_sync_method('LDAP Group cn')
-            settings.set_group_cn('Engineering')
-            settings.click_add_sync_button
-          end
-
-          Page::Group::Menu.perform(&:click_group_members_item)
-        end
-
-        it 'has LDAP users synced' do
-          verify_users_synced(sync_users)
-        end
-      end
-
-      context 'user filter method' do
-        let(:ldap_users) do
-          [
-            {
-              name: 'HR User 1',
-              username: 'hruser1',
-              email: 'hruser1@example.org',
-              provider: 'ldapmain',
-              extern_uid: 'uid=hruser1,ou=people,ou=global groups,dc=example,dc=org'
-            },
-            {
-              name: 'HR User 2',
-              username: 'hruser2',
-              email: 'hruser2@example.org',
-              provider: 'ldapmain',
-              extern_uid: 'uid=hruser2,ou=people,ou=global groups,dc=example,dc=org'
-            },
-            {
-              name: 'HR User 3',
-              username: 'hruser3',
-              email: 'hruser3@example.org',
-              provider: 'ldapmain',
-              extern_uid: 'uid=hruser3,ou=people,ou=global groups,dc=example,dc=org'
-            }
-          ]
-        end
-        let(:owner_user) { 'hruser1' }
-        let(:sync_users) { ['HR User 2', 'HR User 3'] }
-
-        before do
-          @created_users = create_users_via_api(ldap_users)
-
-          group = create_group_and_add_user_via_api(owner_user, 'Synched-human-resources-group', Resource::Members::AccessLevel::OWNER)
-
-          signin_and_visit_group_as_user(owner_user, group)
-
-          Page::Group::Menu.perform(&:go_to_ldap_sync_settings)
-
-          EE::Page::Group::Settings::LDAPSync.perform do |settings|
-            settings.set_user_filter('(&(objectClass=person)(cn=HR*))')
-            settings.click_add_sync_button
-          end
-
-          Page::Group::Menu.perform(&:click_group_members_item)
-        end
-
-        it 'has LDAP users synced' do
-          verify_users_synced(sync_users)
-        end
-      end
-
-      def create_users_via_api(users)
-        created_users = {}
-
-        users.each do |user|
-          created_users[user[:username]] = Resource::User.fabricate_via_api! do |resource|
-            resource.username = user[:username]
-            resource.name = user[:name]
-            resource.email = user[:email]
-            resource.extern_uid = user[:extern_uid]
-            resource.provider = user[:provider]
-          end
-        end
-        created_users
-      end
-
-      def create_group_and_add_user_via_api(user_name, group_name, role)
-        group = Resource::Group.fabricate_via_api! do |resource|
-          resource.path = "#{group_name}-#{SecureRandom.hex(4)}"
-        end
-
-        group.add_member(@created_users[user_name], role)
-
-        group
-      end
-
-      def signin_and_visit_group_as_user(user_name, group)
-        user = Struct.new(:ldap_username, :ldap_password).new(user_name, 'password')
-
-        Runtime::Browser.visit(:gitlab, Page::Main::Login)
-        Page::Main::Login.perform do |login_page|
-          login_page.sign_in_using_ldap_credentials(user: user)
-        end
-
-        group.visit!
-      end
-
-      def verify_users_synced(expected_users)
-        EE::Page::Group::Members.perform do |members|
-          members.click_sync_now
-          users_synchronised = members.retry_until(reload: true) do
-            expected_users.map { |user| members.has_content?(user) }.all?
-          end
-          expect(users_synchronised).to be_truthy
-        end
-      end
-    end
-  end
-end

data/qa/specs/features/ee/browser_ui/1_manage/group/group_saml_enforced_sso_spec.rb

@@ -1,115 +0,0 @@
-# frozen_string_literal: true
-
-module QA
-  context 'Manage', :group_saml, :orchestrated do
-    describe 'Group SAML SSO - Enforced SSO' do
-      include Support::Api
-
-      before do
-        Support::Retrier.retry_on_exception do
-          Flow::Saml.remove_saml_idp_service(@saml_idp_service) if @saml_idp_service
-
-          @group = Resource::Sandbox.fabricate_via_api! do |sandbox_group|
-            sandbox_group.path = "saml_sso_group_#{SecureRandom.hex(8)}"
-          end
-
-          @developer_user = Resource::User.fabricate_via_api!
-
-          @group.add_member(@developer_user)
-
-          @saml_idp_service = Flow::Saml.run_saml_idp_service(@group.path)
-
-          @managed_group_url = setup_and_enable_enforce_sso
-
-          Flow::Saml.logout_from_idp(@saml_idp_service)
-
-          page.visit Runtime::Scenario.gitlab_address
-          Page::Main::Menu.perform(&:sign_out_if_signed_in)
-        end
-      end
-
-      it 'user clones and pushes to project within a group using Git HTTP' do
-        Flow::Login.sign_in
-
-        @project = Resource::Project.fabricate! do |project|
-          project.name = 'project-in-saml-enforced-group'
-          project.description = 'project in SAML enforced group for git clone test'
-          project.group = @group
-          project.initialize_with_readme = true
-        end
-
-        @project.visit!
-
-        expect do
-          Resource::Repository::ProjectPush.fabricate! do |project_push|
-            project_push.project = @project
-            project_push.branch_name = "new_branch"
-            project_push.user = @developer_user
-          end
-        end.not_to raise_error
-      end
-
-      after do
-        page.visit Runtime::Scenario.gitlab_address
-        %w[enforced_sso enforced_sso_requires_session group_administration_nav_item].each do |flag|
-          Runtime::Feature.remove(flag)
-        end
-
-        @group.remove_via_api!
-
-        Page::Main::Menu.perform(&:sign_out_if_signed_in)
-
-        Flow::Saml.remove_saml_idp_service(@saml_idp_service)
-      end
-    end
-
-    def setup_and_enable_enforce_sso
-      %w[enforced_sso enforced_sso_requires_session group_administration_nav_item].each do |flag|
-        Runtime::Feature.enable_and_verify(flag)
-      end
-
-      page.visit Runtime::Scenario.gitlab_address
-      Page::Main::Login.perform(&:sign_in_using_credentials) unless Page::Main::Menu.perform(&:signed_in?)
-
-      Support::Retrier.retry_on_exception do
-        Flow::Saml.visit_saml_sso_settings(@group)
-        ensure_enforced_sso_button_shown
-
-        managed_group_url = EE::Page::Group::Settings::SamlSSO.perform do |saml_sso|
-          saml_sso.enforce_sso
-
-          saml_sso.set_id_provider_sso_url(@saml_idp_service.idp_sso_url)
-          saml_sso.set_cert_fingerprint(@saml_idp_service.idp_certificate_fingerprint)
-
-          saml_sso.click_save_changes
-
-          saml_sso.user_login_url_link_text
-        end
-
-        Flow::Saml.visit_saml_sso_settings(@group, direct: true)
-        ensure_enforced_sso_button_shown
-
-        unless EE::Page::Group::Settings::SamlSSO.perform(&:enforce_sso_enabled?)
-          QA::Runtime::Logger.debug "Enforced SSO not setup correctly. About to raise failure."
-          QA::Runtime::Logger.debug Capybara::Screenshot.screenshot_and_save_page
-          QA::Runtime::Logger.debug Runtime::Feature.get_features
-
-          raise "Enforced SSO not setup correctly"
-        end
-
-        managed_group_url
-      end
-    end
-
-    def ensure_enforced_sso_button_shown
-      # Sometimes, the toggle button for SAML SSO does not appear and only appears after a refresh
-      # This issue can only be reproduced manually if you are too quick to go to the group setting page
-      # after enabling the feature flags.
-      Support::Retrier.retry_until(sleep_interval: 1, raise_on_failure: true) do
-        condition_met = EE::Page::Group::Settings::SamlSSO.perform(&:has_enforced_sso_button?)
-        page.refresh unless condition_met
-        condition_met
-      end
-    end
-  end
-end