gitlab-qa 2.6.0 → 2.7.0

checksums.yaml

@@ -1,7 +1,7 @@
 ---
 SHA256:
-  metadata.gz: 81d278d6accac93b1610339e1abcc4d64b189226ea7f676ff7b63dfe132ab04d
-  data.tar.gz: 034dbc5b7b2e6b1414ddea72dbf0a458bfdc0b24008fd2ae1870f2ef94830607
+  metadata.gz: 7231b698980bf0b656855e460090d63516d8c0ee1e602bf1be80034eabaa948f
+  data.tar.gz: 112641e434d83121666328a13951dea5f4b8c7e36bf0f35328256227e5e77b7a
 SHA512:
-  metadata.gz: 4d726dd622f3ddd1da43419bd770d6b8234918a8922499c4c9b2a1efd60ddff75c24943925a9071ed932a029f9306a8a4760935c32ac4d593cc5bccca2602856
-  data.tar.gz: 0776cbfc64d1173cb52d97b8098b7004bc76688da40183ea0b080de48c3acd5aa899b4cbd3457c2a702df01db1c5d7c8f97ad3383663f37077b01a4901a317bc
+  metadata.gz: dcdb2c0f75ac6944038d714bb3c3de967d7ad75185ab503e26fec5eb3674943afd4f8045087d69b583fb9b16e1adb5a48e5ff1f3812c82dd31f22b77c77e9d6a
+  data.tar.gz: fb19a43f654b1e9082df331fb459df1eb2fd4c6d176d9fde381fda15f34ee8cb07448a72b3edb31138d3664524653e481bec1c5dd6903130edd9bcedfaef2731

data/.gitlab-ci.yml

@@ -186,7 +186,21 @@ ee:ldap:
   <<: *high-capacity
   <<: *ee-qa
 
-ee:saml:
+ce:instance_saml:
+  script:
+  - bin/qa Test::Integration::InstanceSAML ${RELEASE:=CE}
+  <<: *test
+  <<: *high-capacity
+  <<: *ce-qa
+
+ee:instance_saml:
+  script:
+  - bin/qa Test::Integration::InstanceSAML ${RELEASE:=EE}
+  <<: *test
+  <<: *high-capacity
+  <<: *ee-qa  
+
+ee:group_saml:
   script:
   - bin/qa Test::Integration::GroupSAML ${RELEASE:=EE}
   <<: *test

data/.gitlab/issue_templates/Release.md

@@ -0,0 +1,7 @@
+### New scenarios
+
+- !xxx Description of the change (usually the title of the MR).
+
+### Other changes
+
+- !xxx Description of the change (usually the title of the MR).

data/docs/what_tests_can_be_run.md

@@ -182,6 +182,60 @@ $ gitlab-qa Test::Integration::LDAP EE
 
 [test-integration-ldap]: https://gitlab.com/gitlab-org/gitlab-ce/blob/master/qa/qa/scenario/test/integration/ldap.rb
 
+### `Test::Integration::GroupSAML EE|<full image address>`
+
+This tests that Group SAML login works as expected with an external SAML identity provider (idp).
+
+This scenario spins up a SAML idp provider and verifies that a user is able to login to a group 
+in GitLab that has SAML SSO enabled.
+
+To run tests against the GitLab containers, a GitLab QA (`gitlab/gitlab-qa`)
+container is spun up and tests are run from it by running the
+`Test::Integration::GroupSAML` scenario (located under [`gitlab-org/gitlab-ce@qa/qa/ee/scenario/test/integration/group_saml.rb`][test-integration-group-saml] in the GitLab EE project).
+
+[test-integration-group-saml]: https://gitlab.com/gitlab-org/gitlab-ee/blob/master/qa/qa/ee/scenario/test/integration/group_saml.rb
+
+**Required environment variables:**
+
+- `EE_LICENSE`: A valid EE license.
+
+Example:
+
+```
+$ export EE_LICENSE=$(cat /path/to/Geo.gitlab_license)
+
+$ gitlab-qa Test::Integration::GroupSAML EE
+```
+
+### `Test::Integration::InstanceSAML CE|EE|<full image address>`
+
+This tests that a GitLab instance works as expected with an external
+SAML identity provider (idp).
+
+This scenario spins up a SAML idp provider and verifies that a user is able to login to GitLab instance 
+using SAML.
+
+To run tests against the GitLab containers, a GitLab QA (`gitlab/gitlab-qa`)
+container is spun up and tests are run from it by running the
+`Test::Integration::InstanceSAML` scenario (located under [`gitlab-org/gitlab-ce@qa/qa/scenario/test/integration/instance_saml.rb`][test-integration-instance-saml] in the GitLab CE project).
+
+[test-integration-instance-saml]: https://gitlab.com/gitlab-org/gitlab-ce/blob/master/qa/qa/scenario/test/integration/instance_saml.rb
+
+**Required environment variables:**
+
+- [For EE only] `EE_LICENSE`: A valid EE license.
+
+Example:
+
+```
+$ gitlab-qa Test::Integration::InstanceSAML CE
+
+# For EE
+$ export EE_LICENSE=$(cat /path/to/Geo.gitlab_license)
+
+$ gitlab-qa Test::Integration::InstanceSAML EE
+```
+
 ### `Test::Integration::Mattermost CE|EE|<full image address>`
 
 This tests that a GitLab instance works as expected when enabling the embedded

data/lib/gitlab/qa.rb

@@ -30,7 +30,9 @@ module Gitlab
         module Integration
           autoload :Geo, 'qa/scenario/test/integration/geo'
           autoload :LDAP, 'qa/scenario/test/integration/ldap'
+          autoload :SAML, 'qa/scenario/test/integration/saml'
           autoload :GroupSAML, 'qa/scenario/test/integration/group_saml'
+          autoload :InstanceSAML, 'qa/scenario/test/integration/instance_saml'
           autoload :Mattermost, 'qa/scenario/test/integration/mattermost'
           autoload :Kubernetes, 'qa/scenario/test/integration/kubernetes'
           autoload :ObjectStorage, 'qa/scenario/test/integration/object_storage'

data/lib/gitlab/qa/component/gitlab.rb

@@ -12,7 +12,7 @@ module Gitlab
 
         attr_reader :release, :docker
         attr_accessor :volumes, :network, :environment
-        attr_writer :name, :relative_path
+        attr_writer :name, :relative_path, :exec_commands
 
         def_delegators :release, :tag, :image, :edition
 
@@ -23,6 +23,7 @@ module Gitlab
           @network_aliases = []
 
           self.release = 'CE'
+          self.exec_commands = []
         end
 
         def omnibus_config=(config)
@@ -60,6 +61,7 @@ module Gitlab
           start
           reconfigure
           wait
+          process_exec_commands
 
           yield self
 
@@ -142,8 +144,14 @@ module Gitlab
           manifest['software']['gitlab-rails']['locked_version']
         end
 
+        def process_exec_commands
+          exec_commands.each { |command| @docker.exec(name, command) }
+        end
+
         private
 
+        attr_reader :exec_commands
+
         def ensure_configured!
           raise 'Please configure an instance first!' unless [name, release, network].all?
         end

data/lib/gitlab/qa/docker/engine.rb

@@ -23,6 +23,10 @@ module Gitlab
           end
         end
 
+        def exec(name, command)
+          Docker::Command.execute("exec #{name} bash -c '#{command}'")
+        end
+
         def read_file(image, tag, path, &block)
           cat_file = "run --rm --entrypoint /bin/cat #{image}:#{tag} #{path}"
           Docker::Command.execute(cat_file, &block)

data/lib/gitlab/qa/scenario/test/integration/geo.rb

@@ -4,6 +4,8 @@ module Gitlab
       module Test
         module Integration
           class Geo < Scenario::Template
+            GIT_LFS_VERSION = '2.5.2'.freeze
+
             ##
             # rubocop:disable Lint/MissingCopEnableDirective
             # rubocop:disable Metrics/MethodLength
@@ -31,6 +33,7 @@ module Gitlab
                   sidekiq['concurrency'] = 2;
                   unicorn['worker_processes'] = 2;
                 OMNIBUS
+                primary.exec_commands = fast_ssh_key_lookup_commands + git_lfs_install_commands
 
                 primary.instance do
                   Component::Gitlab.perform do |secondary|
@@ -44,13 +47,14 @@ module Gitlab
                       unicorn['worker_processes'] = 2;
                       gitlab_rails['monitoring_whitelist'] = ['0.0.0.0/0'];
                     OMNIBUS
+                    secondary.exec_commands = fast_ssh_key_lookup_commands + git_lfs_install_commands
 
                     secondary.act do
                       # TODO, we do not wait for secondary to start because of
                       # https://gitlab.com/gitlab-org/gitlab-ee/issues/3999
                       #
                       # rubocop:disable Style/Semicolon
-                      prepare; start; reconfigure
+                      prepare; start; reconfigure; process_exec_commands
 
                       # shellout to instance specs
                       puts 'Running Geo primary / secondary specs!'
@@ -73,6 +77,30 @@ module Gitlab
                 end
               end
             end
+
+            private
+
+            def fast_ssh_key_lookup_content
+              @fast_ssh_key_lookup_content ||= <<~CONTENT
+              # Enable fast SSH key lookup - https://docs.gitlab.com/ee/administration/operations/fast_ssh_key_lookup.html
+              AuthorizedKeysCommand /opt/gitlab/embedded/service/gitlab-shell/bin/gitlab-shell-authorized-keys-check git %u %k
+              AuthorizedKeysCommandUser git
+              CONTENT
+            end
+
+            def fast_ssh_key_lookup_commands
+              @fast_ssh_key_lookup_commands ||= [
+                %(echo -e "\n#{fast_ssh_key_lookup_content.chomp}" >> /assets/sshd_config),
+                'gitlab-ctl restart sshd'
+              ]
+            end
+
+            def git_lfs_install_commands
+              @git_lfs_install_commands ||= [
+                "cd /tmp ; curl -qsL https://github.com/git-lfs/git-lfs/releases/download/v#{GIT_LFS_VERSION}/git-lfs-linux-amd64-v#{GIT_LFS_VERSION}.tar.gz | tar xzvf -",
+                'cp /tmp/git-lfs /usr/local/bin'
+              ]
+            end
           end
         end
       end

data/lib/gitlab/qa/scenario/test/integration/group_saml.rb

@@ -5,47 +5,28 @@ module Gitlab
     module Scenario
       module Test
         module Integration
-          class GroupSAML < Scenario::Template
-            # rubocop:disable Metrics/AbcSize
-            def perform(release)
-              release = Release.new(release)
+          class GroupSAML < SAML
+            def initialize
+              @gitlab_name = 'gitlab-group-saml'
+              @spec_suite = 'QA::EE::Scenario::Test::Integration::GroupSAML'
+            end
 
+            def before_perform(release)
               raise ArgumentError, 'Group SAML is EE only feature!' unless release.ee?
+            end
 
-              Component::Gitlab.perform do |gitlab|
-                gitlab.release = release.edition
-                gitlab.name = 'gitlab-saml'
-                gitlab.network = 'test'
-
-                Component::SAML.perform do |saml|
-                  saml.network = 'test'
-                  saml.set_entity_id("#{gitlab.address}/groups/#{saml.group_name}")
-                  saml.set_assertion_consumer_service("#{gitlab.address}/groups/#{saml.group_name}/-/saml/callback")
-                  saml.set_sandbox_name(saml.group_name)
-                  saml.set_simple_saml_hostname
-                  saml.set_accept_insecure_certs
-
-                  gitlab.omnibus_config = <<~OMNIBUS
-                    gitlab_rails['omniauth_enabled'] = true;
-                    gitlab_rails['omniauth_providers'] = [{ name: 'group_saml' }];
-                  OMNIBUS
-
-                  saml.instance do
-                    gitlab.instance do
-                      puts 'Running SAML specs!'
+            def configure(gitlab, saml)
+              saml.set_entity_id("#{gitlab.address}/groups/#{saml.group_name}")
+              saml.set_assertion_consumer_service("#{gitlab.address}/groups/#{saml.group_name}/-/saml/callback")
+              saml.set_sandbox_name(saml.group_name)
+              saml.set_simple_saml_hostname
+              saml.set_accept_insecure_certs
 
-                      Component::Specs.perform do |specs|
-                        specs.suite = 'QA::EE::Scenario::Test::Integration::GroupSAML'
-                        specs.release = release
-                        specs.network = gitlab.network
-                        specs.args = [gitlab.address]
-                      end
-                    end
-                  end
-                end
-              end
+              gitlab.omnibus_config = <<~OMNIBUS
+                gitlab_rails['omniauth_enabled'] = true;
+                gitlab_rails['omniauth_providers'] = [{ name: 'group_saml' }];
+              OMNIBUS
             end
-            # rubocop:enable Metrics/AbcSize
           end
         end
       end

data/lib/gitlab/qa/scenario/test/integration/instance_saml.rb

@@ -0,0 +1,44 @@
+require 'yaml'
+
+module Gitlab
+  module QA
+    module Scenario
+      module Test
+        module Integration
+          class InstanceSAML < SAML
+            def initialize
+              @gitlab_name = 'gitlab-instance-saml'
+              @spec_suite = 'Test::Integration::InstanceSAML'
+            end
+
+            def configure(gitlab, saml)
+              saml.set_entity_id(gitlab.address)
+              saml.set_assertion_consumer_service("#{gitlab.address}/users/auth/saml/callback")
+              saml.set_simple_saml_hostname
+              saml.set_accept_insecure_certs
+
+              gitlab.omnibus_config = <<~OMNIBUS
+                gitlab_rails['omniauth_enabled'] = true;
+                gitlab_rails['omniauth_allow_single_sign_on'] = ['saml'];
+                gitlab_rails['omniauth_block_auto_created_users'] = false;
+                gitlab_rails['omniauth_auto_link_saml_user'] = true;
+                gitlab_rails['omniauth_providers'] = [
+                  {
+                    name: 'saml',
+                    args: {
+                             assertion_consumer_service_url: '#{gitlab.address}/users/auth/saml/callback',
+                             idp_cert_fingerprint: '11:9b:9e:02:79:59:cd:b7:c6:62:cf:d0:75:d9:e2:ef:38:4e:44:5f',
+                             idp_sso_target_url: 'https://#{saml.hostname}:8443/simplesaml/saml2/idp/SSOService.php',
+                             issuer: '#{gitlab.address}',
+                             name_identifier_format: 'urn:oasis:names:tc:SAML:2.0:nameid-format:persistent'
+                           }
+                  }
+                ];
+              OMNIBUS
+            end
+          end
+        end
+      end
+    end
+  end
+end

data/lib/gitlab/qa/scenario/test/integration/saml.rb

@@ -0,0 +1,52 @@
+require 'yaml'
+
+module Gitlab
+  module QA
+    module Scenario
+      module Test
+        module Integration
+          class SAML < Scenario::Template
+            attr_reader :gitlab_name, :spec_suite
+
+            def configure(gitlab, saml)
+              raise NotImplementedError
+            end
+
+            def before_perform(release)
+              # no-op
+            end
+
+            def perform(release)
+              release = Release.new(release)
+              before_perform(release)
+
+              Component::Gitlab.perform do |gitlab|
+                gitlab.release = release.edition
+                gitlab.network = 'test'
+                gitlab.name = gitlab_name
+
+                Component::SAML.perform do |saml|
+                  saml.network = 'test'
+                  configure(gitlab, saml)
+
+                  saml.instance do
+                    gitlab.instance do
+                      puts "Running #{spec_suite} specs!"
+
+                      Component::Specs.perform do |specs|
+                        specs.suite = spec_suite
+                        specs.release = release
+                        specs.network = gitlab.network
+                        specs.args = [gitlab.address]
+                      end
+                    end
+                  end
+                end
+              end
+            end
+          end
+        end
+      end
+    end
+  end
+end

data/lib/gitlab/qa/version.rb

@@ -1,5 +1,5 @@
 module Gitlab
   module QA
-    VERSION = '2.6.0'.freeze
+    VERSION = '2.7.0'.freeze
   end
 end

metadata

@@ -1,14 +1,14 @@
 --- !ruby/object:Gem::Specification
 name: gitlab-qa
 version: !ruby/object:Gem::Version
-  version: 2.6.0
+  version: 2.7.0
 platform: ruby
 authors:
 - Grzegorz Bizon
 autorequire: 
 bindir: exe
 cert_chain: []
-date: 2018-10-09 00:00:00.000000000 Z
+date: 2018-10-16 00:00:00.000000000 Z
 dependencies:
 - !ruby/object:Gem::Dependency
   name: climate_control
@@ -119,6 +119,7 @@ files:
 - ".dockerignore"
 - ".gitignore"
 - ".gitlab-ci.yml"
+- ".gitlab/issue_templates/Release.md"
 - ".rspec"
 - ".rubocop.yml"
 - ".travis.yml"
@@ -164,10 +165,12 @@ files:
 - lib/gitlab/qa/scenario/test/instance/staging.rb
 - lib/gitlab/qa/scenario/test/integration/geo.rb
 - lib/gitlab/qa/scenario/test/integration/group_saml.rb
+- lib/gitlab/qa/scenario/test/integration/instance_saml.rb
 - lib/gitlab/qa/scenario/test/integration/kubernetes.rb
 - lib/gitlab/qa/scenario/test/integration/ldap.rb
 - lib/gitlab/qa/scenario/test/integration/mattermost.rb
 - lib/gitlab/qa/scenario/test/integration/object_storage.rb
+- lib/gitlab/qa/scenario/test/integration/saml.rb
 - lib/gitlab/qa/scenario/test/omnibus/image.rb
 - lib/gitlab/qa/scenario/test/omnibus/update.rb
 - lib/gitlab/qa/scenario/test/omnibus/upgrade.rb