gitlab-qa 2.6.0 → 2.7.0
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
- checksums.yaml +4 -4
- data/.gitlab-ci.yml +15 -1
- data/.gitlab/issue_templates/Release.md +7 -0
- data/docs/what_tests_can_be_run.md +54 -0
- data/lib/gitlab/qa.rb +2 -0
- data/lib/gitlab/qa/component/gitlab.rb +9 -1
- data/lib/gitlab/qa/docker/engine.rb +4 -0
- data/lib/gitlab/qa/scenario/test/integration/geo.rb +29 -1
- data/lib/gitlab/qa/scenario/test/integration/group_saml.rb +17 -36
- data/lib/gitlab/qa/scenario/test/integration/instance_saml.rb +44 -0
- data/lib/gitlab/qa/scenario/test/integration/saml.rb +52 -0
- data/lib/gitlab/qa/version.rb +1 -1
- metadata +5 -2
checksums.yaml
CHANGED
@@ -1,7 +1,7 @@
|
|
1
1
|
---
|
2
2
|
SHA256:
|
3
|
-
metadata.gz:
|
4
|
-
data.tar.gz:
|
3
|
+
metadata.gz: 7231b698980bf0b656855e460090d63516d8c0ee1e602bf1be80034eabaa948f
|
4
|
+
data.tar.gz: 112641e434d83121666328a13951dea5f4b8c7e36bf0f35328256227e5e77b7a
|
5
5
|
SHA512:
|
6
|
-
metadata.gz:
|
7
|
-
data.tar.gz:
|
6
|
+
metadata.gz: dcdb2c0f75ac6944038d714bb3c3de967d7ad75185ab503e26fec5eb3674943afd4f8045087d69b583fb9b16e1adb5a48e5ff1f3812c82dd31f22b77c77e9d6a
|
7
|
+
data.tar.gz: fb19a43f654b1e9082df331fb459df1eb2fd4c6d176d9fde381fda15f34ee8cb07448a72b3edb31138d3664524653e481bec1c5dd6903130edd9bcedfaef2731
|
data/.gitlab-ci.yml
CHANGED
@@ -186,7 +186,21 @@ ee:ldap:
|
|
186
186
|
<<: *high-capacity
|
187
187
|
<<: *ee-qa
|
188
188
|
|
189
|
-
|
189
|
+
ce:instance_saml:
|
190
|
+
script:
|
191
|
+
- bin/qa Test::Integration::InstanceSAML ${RELEASE:=CE}
|
192
|
+
<<: *test
|
193
|
+
<<: *high-capacity
|
194
|
+
<<: *ce-qa
|
195
|
+
|
196
|
+
ee:instance_saml:
|
197
|
+
script:
|
198
|
+
- bin/qa Test::Integration::InstanceSAML ${RELEASE:=EE}
|
199
|
+
<<: *test
|
200
|
+
<<: *high-capacity
|
201
|
+
<<: *ee-qa
|
202
|
+
|
203
|
+
ee:group_saml:
|
190
204
|
script:
|
191
205
|
- bin/qa Test::Integration::GroupSAML ${RELEASE:=EE}
|
192
206
|
<<: *test
|
@@ -182,6 +182,60 @@ $ gitlab-qa Test::Integration::LDAP EE
|
|
182
182
|
|
183
183
|
[test-integration-ldap]: https://gitlab.com/gitlab-org/gitlab-ce/blob/master/qa/qa/scenario/test/integration/ldap.rb
|
184
184
|
|
185
|
+
### `Test::Integration::GroupSAML EE|<full image address>`
|
186
|
+
|
187
|
+
This tests that Group SAML login works as expected with an external SAML identity provider (idp).
|
188
|
+
|
189
|
+
This scenario spins up a SAML idp provider and verifies that a user is able to login to a group
|
190
|
+
in GitLab that has SAML SSO enabled.
|
191
|
+
|
192
|
+
To run tests against the GitLab containers, a GitLab QA (`gitlab/gitlab-qa`)
|
193
|
+
container is spun up and tests are run from it by running the
|
194
|
+
`Test::Integration::GroupSAML` scenario (located under [`gitlab-org/gitlab-ce@qa/qa/ee/scenario/test/integration/group_saml.rb`][test-integration-group-saml] in the GitLab EE project).
|
195
|
+
|
196
|
+
[test-integration-group-saml]: https://gitlab.com/gitlab-org/gitlab-ee/blob/master/qa/qa/ee/scenario/test/integration/group_saml.rb
|
197
|
+
|
198
|
+
**Required environment variables:**
|
199
|
+
|
200
|
+
- `EE_LICENSE`: A valid EE license.
|
201
|
+
|
202
|
+
Example:
|
203
|
+
|
204
|
+
```
|
205
|
+
$ export EE_LICENSE=$(cat /path/to/Geo.gitlab_license)
|
206
|
+
|
207
|
+
$ gitlab-qa Test::Integration::GroupSAML EE
|
208
|
+
```
|
209
|
+
|
210
|
+
### `Test::Integration::InstanceSAML CE|EE|<full image address>`
|
211
|
+
|
212
|
+
This tests that a GitLab instance works as expected with an external
|
213
|
+
SAML identity provider (idp).
|
214
|
+
|
215
|
+
This scenario spins up a SAML idp provider and verifies that a user is able to login to GitLab instance
|
216
|
+
using SAML.
|
217
|
+
|
218
|
+
To run tests against the GitLab containers, a GitLab QA (`gitlab/gitlab-qa`)
|
219
|
+
container is spun up and tests are run from it by running the
|
220
|
+
`Test::Integration::InstanceSAML` scenario (located under [`gitlab-org/gitlab-ce@qa/qa/scenario/test/integration/instance_saml.rb`][test-integration-instance-saml] in the GitLab CE project).
|
221
|
+
|
222
|
+
[test-integration-instance-saml]: https://gitlab.com/gitlab-org/gitlab-ce/blob/master/qa/qa/scenario/test/integration/instance_saml.rb
|
223
|
+
|
224
|
+
**Required environment variables:**
|
225
|
+
|
226
|
+
- [For EE only] `EE_LICENSE`: A valid EE license.
|
227
|
+
|
228
|
+
Example:
|
229
|
+
|
230
|
+
```
|
231
|
+
$ gitlab-qa Test::Integration::InstanceSAML CE
|
232
|
+
|
233
|
+
# For EE
|
234
|
+
$ export EE_LICENSE=$(cat /path/to/Geo.gitlab_license)
|
235
|
+
|
236
|
+
$ gitlab-qa Test::Integration::InstanceSAML EE
|
237
|
+
```
|
238
|
+
|
185
239
|
### `Test::Integration::Mattermost CE|EE|<full image address>`
|
186
240
|
|
187
241
|
This tests that a GitLab instance works as expected when enabling the embedded
|
data/lib/gitlab/qa.rb
CHANGED
@@ -30,7 +30,9 @@ module Gitlab
|
|
30
30
|
module Integration
|
31
31
|
autoload :Geo, 'qa/scenario/test/integration/geo'
|
32
32
|
autoload :LDAP, 'qa/scenario/test/integration/ldap'
|
33
|
+
autoload :SAML, 'qa/scenario/test/integration/saml'
|
33
34
|
autoload :GroupSAML, 'qa/scenario/test/integration/group_saml'
|
35
|
+
autoload :InstanceSAML, 'qa/scenario/test/integration/instance_saml'
|
34
36
|
autoload :Mattermost, 'qa/scenario/test/integration/mattermost'
|
35
37
|
autoload :Kubernetes, 'qa/scenario/test/integration/kubernetes'
|
36
38
|
autoload :ObjectStorage, 'qa/scenario/test/integration/object_storage'
|
@@ -12,7 +12,7 @@ module Gitlab
|
|
12
12
|
|
13
13
|
attr_reader :release, :docker
|
14
14
|
attr_accessor :volumes, :network, :environment
|
15
|
-
attr_writer :name, :relative_path
|
15
|
+
attr_writer :name, :relative_path, :exec_commands
|
16
16
|
|
17
17
|
def_delegators :release, :tag, :image, :edition
|
18
18
|
|
@@ -23,6 +23,7 @@ module Gitlab
|
|
23
23
|
@network_aliases = []
|
24
24
|
|
25
25
|
self.release = 'CE'
|
26
|
+
self.exec_commands = []
|
26
27
|
end
|
27
28
|
|
28
29
|
def omnibus_config=(config)
|
@@ -60,6 +61,7 @@ module Gitlab
|
|
60
61
|
start
|
61
62
|
reconfigure
|
62
63
|
wait
|
64
|
+
process_exec_commands
|
63
65
|
|
64
66
|
yield self
|
65
67
|
|
@@ -142,8 +144,14 @@ module Gitlab
|
|
142
144
|
manifest['software']['gitlab-rails']['locked_version']
|
143
145
|
end
|
144
146
|
|
147
|
+
def process_exec_commands
|
148
|
+
exec_commands.each { |command| @docker.exec(name, command) }
|
149
|
+
end
|
150
|
+
|
145
151
|
private
|
146
152
|
|
153
|
+
attr_reader :exec_commands
|
154
|
+
|
147
155
|
def ensure_configured!
|
148
156
|
raise 'Please configure an instance first!' unless [name, release, network].all?
|
149
157
|
end
|
@@ -23,6 +23,10 @@ module Gitlab
|
|
23
23
|
end
|
24
24
|
end
|
25
25
|
|
26
|
+
def exec(name, command)
|
27
|
+
Docker::Command.execute("exec #{name} bash -c '#{command}'")
|
28
|
+
end
|
29
|
+
|
26
30
|
def read_file(image, tag, path, &block)
|
27
31
|
cat_file = "run --rm --entrypoint /bin/cat #{image}:#{tag} #{path}"
|
28
32
|
Docker::Command.execute(cat_file, &block)
|
@@ -4,6 +4,8 @@ module Gitlab
|
|
4
4
|
module Test
|
5
5
|
module Integration
|
6
6
|
class Geo < Scenario::Template
|
7
|
+
GIT_LFS_VERSION = '2.5.2'.freeze
|
8
|
+
|
7
9
|
##
|
8
10
|
# rubocop:disable Lint/MissingCopEnableDirective
|
9
11
|
# rubocop:disable Metrics/MethodLength
|
@@ -31,6 +33,7 @@ module Gitlab
|
|
31
33
|
sidekiq['concurrency'] = 2;
|
32
34
|
unicorn['worker_processes'] = 2;
|
33
35
|
OMNIBUS
|
36
|
+
primary.exec_commands = fast_ssh_key_lookup_commands + git_lfs_install_commands
|
34
37
|
|
35
38
|
primary.instance do
|
36
39
|
Component::Gitlab.perform do |secondary|
|
@@ -44,13 +47,14 @@ module Gitlab
|
|
44
47
|
unicorn['worker_processes'] = 2;
|
45
48
|
gitlab_rails['monitoring_whitelist'] = ['0.0.0.0/0'];
|
46
49
|
OMNIBUS
|
50
|
+
secondary.exec_commands = fast_ssh_key_lookup_commands + git_lfs_install_commands
|
47
51
|
|
48
52
|
secondary.act do
|
49
53
|
# TODO, we do not wait for secondary to start because of
|
50
54
|
# https://gitlab.com/gitlab-org/gitlab-ee/issues/3999
|
51
55
|
#
|
52
56
|
# rubocop:disable Style/Semicolon
|
53
|
-
prepare; start; reconfigure
|
57
|
+
prepare; start; reconfigure; process_exec_commands
|
54
58
|
|
55
59
|
# shellout to instance specs
|
56
60
|
puts 'Running Geo primary / secondary specs!'
|
@@ -73,6 +77,30 @@ module Gitlab
|
|
73
77
|
end
|
74
78
|
end
|
75
79
|
end
|
80
|
+
|
81
|
+
private
|
82
|
+
|
83
|
+
def fast_ssh_key_lookup_content
|
84
|
+
@fast_ssh_key_lookup_content ||= <<~CONTENT
|
85
|
+
# Enable fast SSH key lookup - https://docs.gitlab.com/ee/administration/operations/fast_ssh_key_lookup.html
|
86
|
+
AuthorizedKeysCommand /opt/gitlab/embedded/service/gitlab-shell/bin/gitlab-shell-authorized-keys-check git %u %k
|
87
|
+
AuthorizedKeysCommandUser git
|
88
|
+
CONTENT
|
89
|
+
end
|
90
|
+
|
91
|
+
def fast_ssh_key_lookup_commands
|
92
|
+
@fast_ssh_key_lookup_commands ||= [
|
93
|
+
%(echo -e "\n#{fast_ssh_key_lookup_content.chomp}" >> /assets/sshd_config),
|
94
|
+
'gitlab-ctl restart sshd'
|
95
|
+
]
|
96
|
+
end
|
97
|
+
|
98
|
+
def git_lfs_install_commands
|
99
|
+
@git_lfs_install_commands ||= [
|
100
|
+
"cd /tmp ; curl -qsL https://github.com/git-lfs/git-lfs/releases/download/v#{GIT_LFS_VERSION}/git-lfs-linux-amd64-v#{GIT_LFS_VERSION}.tar.gz | tar xzvf -",
|
101
|
+
'cp /tmp/git-lfs /usr/local/bin'
|
102
|
+
]
|
103
|
+
end
|
76
104
|
end
|
77
105
|
end
|
78
106
|
end
|
@@ -5,47 +5,28 @@ module Gitlab
|
|
5
5
|
module Scenario
|
6
6
|
module Test
|
7
7
|
module Integration
|
8
|
-
class GroupSAML <
|
9
|
-
|
10
|
-
|
11
|
-
|
8
|
+
class GroupSAML < SAML
|
9
|
+
def initialize
|
10
|
+
@gitlab_name = 'gitlab-group-saml'
|
11
|
+
@spec_suite = 'QA::EE::Scenario::Test::Integration::GroupSAML'
|
12
|
+
end
|
12
13
|
|
14
|
+
def before_perform(release)
|
13
15
|
raise ArgumentError, 'Group SAML is EE only feature!' unless release.ee?
|
16
|
+
end
|
14
17
|
|
15
|
-
|
16
|
-
|
17
|
-
|
18
|
-
|
19
|
-
|
20
|
-
|
21
|
-
saml.network = 'test'
|
22
|
-
saml.set_entity_id("#{gitlab.address}/groups/#{saml.group_name}")
|
23
|
-
saml.set_assertion_consumer_service("#{gitlab.address}/groups/#{saml.group_name}/-/saml/callback")
|
24
|
-
saml.set_sandbox_name(saml.group_name)
|
25
|
-
saml.set_simple_saml_hostname
|
26
|
-
saml.set_accept_insecure_certs
|
27
|
-
|
28
|
-
gitlab.omnibus_config = <<~OMNIBUS
|
29
|
-
gitlab_rails['omniauth_enabled'] = true;
|
30
|
-
gitlab_rails['omniauth_providers'] = [{ name: 'group_saml' }];
|
31
|
-
OMNIBUS
|
32
|
-
|
33
|
-
saml.instance do
|
34
|
-
gitlab.instance do
|
35
|
-
puts 'Running SAML specs!'
|
18
|
+
def configure(gitlab, saml)
|
19
|
+
saml.set_entity_id("#{gitlab.address}/groups/#{saml.group_name}")
|
20
|
+
saml.set_assertion_consumer_service("#{gitlab.address}/groups/#{saml.group_name}/-/saml/callback")
|
21
|
+
saml.set_sandbox_name(saml.group_name)
|
22
|
+
saml.set_simple_saml_hostname
|
23
|
+
saml.set_accept_insecure_certs
|
36
24
|
|
37
|
-
|
38
|
-
|
39
|
-
|
40
|
-
|
41
|
-
specs.args = [gitlab.address]
|
42
|
-
end
|
43
|
-
end
|
44
|
-
end
|
45
|
-
end
|
46
|
-
end
|
25
|
+
gitlab.omnibus_config = <<~OMNIBUS
|
26
|
+
gitlab_rails['omniauth_enabled'] = true;
|
27
|
+
gitlab_rails['omniauth_providers'] = [{ name: 'group_saml' }];
|
28
|
+
OMNIBUS
|
47
29
|
end
|
48
|
-
# rubocop:enable Metrics/AbcSize
|
49
30
|
end
|
50
31
|
end
|
51
32
|
end
|
@@ -0,0 +1,44 @@
|
|
1
|
+
require 'yaml'
|
2
|
+
|
3
|
+
module Gitlab
|
4
|
+
module QA
|
5
|
+
module Scenario
|
6
|
+
module Test
|
7
|
+
module Integration
|
8
|
+
class InstanceSAML < SAML
|
9
|
+
def initialize
|
10
|
+
@gitlab_name = 'gitlab-instance-saml'
|
11
|
+
@spec_suite = 'Test::Integration::InstanceSAML'
|
12
|
+
end
|
13
|
+
|
14
|
+
def configure(gitlab, saml)
|
15
|
+
saml.set_entity_id(gitlab.address)
|
16
|
+
saml.set_assertion_consumer_service("#{gitlab.address}/users/auth/saml/callback")
|
17
|
+
saml.set_simple_saml_hostname
|
18
|
+
saml.set_accept_insecure_certs
|
19
|
+
|
20
|
+
gitlab.omnibus_config = <<~OMNIBUS
|
21
|
+
gitlab_rails['omniauth_enabled'] = true;
|
22
|
+
gitlab_rails['omniauth_allow_single_sign_on'] = ['saml'];
|
23
|
+
gitlab_rails['omniauth_block_auto_created_users'] = false;
|
24
|
+
gitlab_rails['omniauth_auto_link_saml_user'] = true;
|
25
|
+
gitlab_rails['omniauth_providers'] = [
|
26
|
+
{
|
27
|
+
name: 'saml',
|
28
|
+
args: {
|
29
|
+
assertion_consumer_service_url: '#{gitlab.address}/users/auth/saml/callback',
|
30
|
+
idp_cert_fingerprint: '11:9b:9e:02:79:59:cd:b7:c6:62:cf:d0:75:d9:e2:ef:38:4e:44:5f',
|
31
|
+
idp_sso_target_url: 'https://#{saml.hostname}:8443/simplesaml/saml2/idp/SSOService.php',
|
32
|
+
issuer: '#{gitlab.address}',
|
33
|
+
name_identifier_format: 'urn:oasis:names:tc:SAML:2.0:nameid-format:persistent'
|
34
|
+
}
|
35
|
+
}
|
36
|
+
];
|
37
|
+
OMNIBUS
|
38
|
+
end
|
39
|
+
end
|
40
|
+
end
|
41
|
+
end
|
42
|
+
end
|
43
|
+
end
|
44
|
+
end
|
@@ -0,0 +1,52 @@
|
|
1
|
+
require 'yaml'
|
2
|
+
|
3
|
+
module Gitlab
|
4
|
+
module QA
|
5
|
+
module Scenario
|
6
|
+
module Test
|
7
|
+
module Integration
|
8
|
+
class SAML < Scenario::Template
|
9
|
+
attr_reader :gitlab_name, :spec_suite
|
10
|
+
|
11
|
+
def configure(gitlab, saml)
|
12
|
+
raise NotImplementedError
|
13
|
+
end
|
14
|
+
|
15
|
+
def before_perform(release)
|
16
|
+
# no-op
|
17
|
+
end
|
18
|
+
|
19
|
+
def perform(release)
|
20
|
+
release = Release.new(release)
|
21
|
+
before_perform(release)
|
22
|
+
|
23
|
+
Component::Gitlab.perform do |gitlab|
|
24
|
+
gitlab.release = release.edition
|
25
|
+
gitlab.network = 'test'
|
26
|
+
gitlab.name = gitlab_name
|
27
|
+
|
28
|
+
Component::SAML.perform do |saml|
|
29
|
+
saml.network = 'test'
|
30
|
+
configure(gitlab, saml)
|
31
|
+
|
32
|
+
saml.instance do
|
33
|
+
gitlab.instance do
|
34
|
+
puts "Running #{spec_suite} specs!"
|
35
|
+
|
36
|
+
Component::Specs.perform do |specs|
|
37
|
+
specs.suite = spec_suite
|
38
|
+
specs.release = release
|
39
|
+
specs.network = gitlab.network
|
40
|
+
specs.args = [gitlab.address]
|
41
|
+
end
|
42
|
+
end
|
43
|
+
end
|
44
|
+
end
|
45
|
+
end
|
46
|
+
end
|
47
|
+
end
|
48
|
+
end
|
49
|
+
end
|
50
|
+
end
|
51
|
+
end
|
52
|
+
end
|
data/lib/gitlab/qa/version.rb
CHANGED
metadata
CHANGED
@@ -1,14 +1,14 @@
|
|
1
1
|
--- !ruby/object:Gem::Specification
|
2
2
|
name: gitlab-qa
|
3
3
|
version: !ruby/object:Gem::Version
|
4
|
-
version: 2.
|
4
|
+
version: 2.7.0
|
5
5
|
platform: ruby
|
6
6
|
authors:
|
7
7
|
- Grzegorz Bizon
|
8
8
|
autorequire:
|
9
9
|
bindir: exe
|
10
10
|
cert_chain: []
|
11
|
-
date: 2018-10-
|
11
|
+
date: 2018-10-16 00:00:00.000000000 Z
|
12
12
|
dependencies:
|
13
13
|
- !ruby/object:Gem::Dependency
|
14
14
|
name: climate_control
|
@@ -119,6 +119,7 @@ files:
|
|
119
119
|
- ".dockerignore"
|
120
120
|
- ".gitignore"
|
121
121
|
- ".gitlab-ci.yml"
|
122
|
+
- ".gitlab/issue_templates/Release.md"
|
122
123
|
- ".rspec"
|
123
124
|
- ".rubocop.yml"
|
124
125
|
- ".travis.yml"
|
@@ -164,10 +165,12 @@ files:
|
|
164
165
|
- lib/gitlab/qa/scenario/test/instance/staging.rb
|
165
166
|
- lib/gitlab/qa/scenario/test/integration/geo.rb
|
166
167
|
- lib/gitlab/qa/scenario/test/integration/group_saml.rb
|
168
|
+
- lib/gitlab/qa/scenario/test/integration/instance_saml.rb
|
167
169
|
- lib/gitlab/qa/scenario/test/integration/kubernetes.rb
|
168
170
|
- lib/gitlab/qa/scenario/test/integration/ldap.rb
|
169
171
|
- lib/gitlab/qa/scenario/test/integration/mattermost.rb
|
170
172
|
- lib/gitlab/qa/scenario/test/integration/object_storage.rb
|
173
|
+
- lib/gitlab/qa/scenario/test/integration/saml.rb
|
171
174
|
- lib/gitlab/qa/scenario/test/omnibus/image.rb
|
172
175
|
- lib/gitlab/qa/scenario/test/omnibus/update.rb
|
173
176
|
- lib/gitlab/qa/scenario/test/omnibus/upgrade.rb
|