gitlab-qa 5.13.3 → 5.14.0

data/lib/gitlab/qa/component/saml.rb

@@ -6,22 +6,9 @@ require 'securerandom'
 module Gitlab
   module QA
     module Component
-      class SAML
-        include Scenario::Actable
-
-        SAML_IMAGE = 'jamedjo/test-saml-idp'.freeze
-        SAML_IMAGE_TAG = 'latest'.freeze
-
-        attr_reader :docker
-        attr_accessor :volumes, :network, :environment
-        attr_writer :name
-
-        def initialize
-          @docker = Docker::Engine.new
-          @environment = {}
-          @volumes = {}
-          @network_aliases = []
-        end
+      class SAML < Base
+        DOCKER_IMAGE = 'jamedjo/test-saml-idp'.freeze
+        DOCKER_IMAGE_TAG = 'latest'.freeze
 
         def set_entity_id(entity_id)
           @environment['SIMPLESAMLPHP_SP_ENTITY_ID'] = entity_id
@@ -31,18 +18,10 @@ module Gitlab
           @environment['SIMPLESAMLPHP_SP_ASSERTION_CONSUMER_SERVICE'] = assertion_con_service
         end
 
-        def add_network_alias(name)
-          @network_aliases.push(name)
-        end
-
         def name
           @name ||= "saml-qa-idp"
         end
 
-        def hostname
-          "#{name}.#{network}"
-        end
-
         def group_name
           @group_name ||= "saml_sso_group-#{SecureRandom.hex(4)}"
         end
@@ -50,25 +29,12 @@ module Gitlab
         def instance
           raise 'Please provide a block!' unless block_given?
 
-          prepare
-          start
-
-          yield self
-        ensure
-          teardown
-        end
-
-        def prepare
-          pull
-
-          return if @docker.network_exists?(network)
-
-          @docker.network_create(network)
+          super
         end
 
         # rubocop:disable Metrics/AbcSize
         def start
-          docker.run(SAML_IMAGE, SAML_IMAGE_TAG) do |command|
+          docker.run(image, tag) do |command|
             command << '-d '
             command << "--name #{name}"
             command << "--net #{network}"
@@ -91,21 +57,6 @@ module Gitlab
         end
         # rubocop:enable Metrics/AbcSize
 
-        def restart
-          @docker.restart(name)
-        end
-
-        def teardown
-          raise 'Invalid instance name!' unless name
-
-          @docker.stop(name)
-          @docker.remove(name)
-        end
-
-        def pull
-          @docker.pull(SAML_IMAGE, SAML_IMAGE_TAG)
-        end
-
         def set_sandbox_name(sandbox_name)
           ::Gitlab::QA::Runtime::Env.gitlab_sandbox_name = sandbox_name
         end

data/lib/gitlab/qa/component/specs.rb

@@ -8,7 +8,7 @@ module Gitlab
       # the `qa/` directory located in GitLab CE / EE repositories.
       #
       class Specs < Scenario::Template
-        attr_accessor :suite, :release, :network, :args, :volumes, :env
+        attr_accessor :suite, :release, :network, :args, :volumes, :env, :runner_network
 
         def initialize
           @docker = Docker::Engine.new
@@ -19,16 +19,7 @@ module Gitlab
         def perform # rubocop:disable Metrics/AbcSize
           raise ArgumentError unless [suite, release].all?
 
-          if release.dev_gitlab_org?
-            Docker::Command.execute(
-              [
-                'login',
-                '--username gitlab-qa-bot',
-                %(--password "#{Runtime::Env.dev_access_token_variable}"),
-                QA::Release::DEV_REGISTRY
-              ]
-            )
-          end
+          @docker.login(**release.login_params) if release.login_params
 
           puts "Running test suite `#{suite}` for #{release.project_name}"
 

data/lib/gitlab/qa/docker/engine.rb

@@ -3,11 +3,16 @@ module Gitlab
     module Docker
       class Engine
         DOCKER_HOST = ENV['DOCKER_HOST'] || 'http://localhost'
+        PRIVILEGED_COMMANDS = [/^iptables.*/].freeze
 
         def hostname
           URI(DOCKER_HOST).host
         end
 
+        def login(username:, password:, registry:)
+          Docker::Command.execute(%(login --username "#{username}" --password "#{password}" #{registry}))
+        end
+
         def pull(image, tag)
           Docker::Command.execute("pull #{image}:#{tag}")
         end
@@ -23,8 +28,18 @@ module Gitlab
           end
         end
 
+        def privileged_command?(command)
+          PRIVILEGED_COMMANDS.each do |privileged_regex|
+            return true if command.match(privileged_regex)
+          end
+
+          false
+        end
+
         def exec(name, command)
-          Docker::Command.execute("exec #{name} bash -c '#{command}'")
+          cmd = ['exec']
+          cmd << '--privileged' if privileged_command?(command)
+          Docker::Command.execute("#{cmd.join(' ')} #{name} bash -c '#{command}'")
         end
 
         def read_file(image, tag, path, &block)
@@ -63,6 +78,10 @@ module Gitlab
         def port(name, port)
           Docker::Command.execute("port #{name} #{port}/tcp")
         end
+
+        def running?(name)
+          Docker::Command.execute("ps -f name=#{name}").include?(name)
+        end
       end
     end
   end

data/lib/gitlab/qa/release.rb

@@ -135,6 +135,26 @@ module Gitlab
         end
       end
 
+      def login_params
+        if dev_gitlab_org?
+          Runtime::Env.require_qa_dev_access_token!
+
+          {
+            username: Runtime::Env.gitlab_dev_username,
+            password: Runtime::Env.dev_access_token_variable,
+            registry: DEV_REGISTRY
+          }
+        elsif omnibus_mirror?
+          Runtime::Env.require_gitlab_bot_multi_project_pipeline_polling_token!
+
+          {
+            username: Runtime::Env.gitlab_username,
+            password: Runtime::Env.gitlab_bot_multi_project_pipeline_polling_token,
+            registry: COM_REGISTRY
+          }
+        end
+      end
+
       def dev_gitlab_org?
         image.start_with?(DEV_REGISTRY)
       end

data/lib/gitlab/qa/runtime/env.rb

@@ -84,10 +84,22 @@ module Gitlab
           send(:attr_accessor, accessor) # rubocop:disable GitlabSecurity/PublicSend
         end
 
+        def gitlab_username
+          ENV['GITLAB_USERNAME'] || 'gitlab-qa'
+        end
+
+        def gitlab_dev_username
+          ENV['GITLAB_DEV_USERNAME'] || 'gitlab-qa-bot'
+        end
+
         def gitlab_api_base
           ENV['GITLAB_API_BASE'] || 'https://gitlab.com/api/v4'
         end
 
+        def gitlab_bot_multi_project_pipeline_polling_token
+          ENV['GITLAB_BOT_MULTI_PROJECT_PIPELINE_POLLING_TOKEN']
+        end
+
         def ci_job_name
           ENV['CI_JOB_NAME']
         end
@@ -195,8 +207,14 @@ module Gitlab
           end
         end
 
+        def require_gitlab_bot_multi_project_pipeline_polling_token!
+          return unless ENV['GITLAB_BOT_MULTI_PROJECT_PIPELINE_POLLING_TOKEN'].to_s.strip.empty?
+
+          raise ArgumentError, "Please provide GITLAB_BOT_MULTI_PROJECT_PIPELINE_POLLING_TOKEN"
+        end
+
         def skip_pull?
-          (ENV['QA_SKIP_PULL'] =~ /^(false|no|0)$/i) != 0
+          enabled?(ENV['QA_SKIP_PULL'], default: false)
         end
 
         def gitlab_qa_formless_login_token
@@ -205,6 +223,12 @@ module Gitlab
 
         private
 
+        def enabled?(value, default: true)
+          return default if value.nil?
+
+          (value =~ /^(false|no|0)$/i) != 0
+        end
+
         def env_value_if_defined(variable)
           # Pass through the variables if they are defined in the environment
           return "$#{variable}" if ENV[variable]

data/lib/gitlab/qa/runtime/scenario.rb

@@ -0,0 +1,36 @@
+# frozen_string_literal: true
+
+module Gitlab
+  module QA
+    module Runtime
+      ##
+      # Singleton approach to global test scenario arguments.
+      #
+      module Scenario
+        extend self
+
+        def attributes
+          @attributes ||= {}
+        end
+
+        def define(attribute, value)
+          attributes.store(attribute.to_sym, value)
+
+          define_singleton_method(attribute) do
+            attributes[attribute.to_sym].tap do |value|
+              if value.to_s.empty?
+                raise ArgumentError, "Empty `#{attribute}` attribute!"
+              end
+            end
+          end
+        end
+
+        # rubocop:disable Style/MethodMissing
+        def method_missing(name, *)
+          raise ArgumentError, "Scenario attribute `#{name}` not defined!"
+        end
+        # rubocop:enable Style/MethodMissing
+      end
+    end
+  end
+end

data/lib/gitlab/qa/scenario/test/instance/airgapped.rb

@@ -0,0 +1,68 @@
+module Gitlab
+  module QA
+    module Scenario
+      module Test
+        module Instance
+          class Airgapped < Scenario::Template
+            require 'resolv'
+            attr_accessor :commands
+
+            def initialize
+              gitlab_ip = Resolv.getaddress('registry.gitlab.com')
+              @commands = <<~AIRGAP_AND_VERIFY_COMMAND.split(/\n+/)
+                # Should not fail before airgapping due to eg. DNS failure
+                # Ping and wget check
+                apt-get update && apt-get install -y iptables netcat
+                nc -zv -w 10 #{gitlab_ip} 80 && (echo \"Regular connectivity netcat check passed.\" && exit 0) || (echo \"Regular connectivity netcat check failed.\" && exit 1)
+                echo "Checking regular connectivity..." \
+                  && wget --retry-connrefused --waitretry=1 --read-timeout=15 --timeout=10 -t 2 http://registry.gitlab.com > /dev/null 2>&1 \
+                  && (echo "Regular connectivity wget check passed." && exit 0) || (echo "Regular connectivity wget check failed." && exit 1)
+
+                iptables -P INPUT DROP && iptables -P OUTPUT DROP
+                iptables -A INPUT -i lo -j ACCEPT && iptables -A OUTPUT -o lo -j ACCEPT # LOOPBACK
+                iptables -I INPUT -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT
+                iptables -A FORWARD -m conntrack --ctstate RELATED,ESTABLISHED -j ACCEPT
+
+                # Jenkins on port 8080 and 50000
+                iptables -A OUTPUT -p tcp -m tcp --dport 8080 -m state --state NEW,ESTABLISHED -j ACCEPT \
+                  && iptables -A OUTPUT -p tcp -m tcp --dport 50000 -m state --state NEW,ESTABLISHED -j ACCEPT
+                iptables -A OUTPUT -p tcp -m tcp --sport 22 -m state --state NEW,ESTABLISHED -j ACCEPT
+                iptables -A INPUT -p tcp -m tcp --dport 22 -m state --state NEW,ESTABLISHED -j ACCEPT
+                iptables -A OUTPUT -p tcp -m tcp --sport 80 -m state --state NEW,ESTABLISHED -j ACCEPT
+                iptables -A INPUT -p tcp -m tcp --dport 80 -m state --state NEW,ESTABLISHED -j ACCEPT
+
+                # Should now fail to ping and wget, port 80 should be open
+                nc -zv -w 10 #{gitlab_ip} 80 && (echo \"Airgapped network faulty. Connectivity netcat check failed.\" && exit 1) || (echo \"Connectivity netcat check passed.\" && exit 0)
+                nc -zv -w 10 127.0.0.1 22 && (echo "Airgapped connectivity port 22 check passed." && exit 0) || (echo "Airgapped connectivity port 22 check failed." && exit 1)
+                nc -zv -w 10 127.0.0.1 80 && (echo "Airgapped connectivity port 80 check passed." && exit 0) || (echo "Airgapped connectivity port 80 check failed." && exit 1)
+                echo "Checking airgapped connectivity..." \
+                  && wget --retry-connrefused --waitretry=1 --read-timeout=15 --timeout=10 -t 2 http://registry.gitlab.com > /dev/null 2>&1 \
+                  && (echo "Airgapped network faulty. Connectivity wget check failed." && exit 1) || (echo "Airgapped network confirmed. Connectivity wget check passed." && exit 0)
+              AIRGAP_AND_VERIFY_COMMAND
+            end
+
+            def perform(release, *rspec_args)
+              Component::Gitlab.perform do |gitlab|
+                gitlab.release = release
+                gitlab.network = 'test'
+                gitlab.runner_network = 'airgapped'
+                gitlab.exec_commands = @commands
+                rspec_args << "--" unless rspec_args.include?('--')
+                rspec_args << %w[--tag ~orchestrated]
+                gitlab.instance do
+                  Component::Specs.perform do |specs|
+                    specs.suite = 'Test::Instance::Airgapped'
+                    specs.release = gitlab.release
+                    specs.network = gitlab.network
+                    specs.runner_network = gitlab.runner_network
+                    specs.args = [gitlab.address, *rspec_args]
+                  end
+                end
+              end
+            end
+          end
+        end
+      end
+    end
+  end
+end

data/lib/gitlab/qa/scenario/test/integration/gitaly_ha.rb

@@ -31,7 +31,7 @@ module Gitlab
                         praefect.release = QA::Release.new(release)
                         praefect.name = @praefect_node
                         praefect.network = @network
-                        praefect.skip_check = true
+                        praefect.skip_availability_check = true
 
                         praefect.omnibus_config = praefect_omnibus_configuration
 
@@ -149,7 +149,7 @@ module Gitlab
                 gitaly.release = QA::Release.new(release)
                 gitaly.name = name
                 gitaly.network = @network
-                gitaly.skip_check = true
+                gitaly.skip_availability_check = true
 
                 gitaly.omnibus_config = gitaly_omnibus_configuration
 

data/lib/gitlab/qa/version.rb

@@ -1,5 +1,5 @@
 module Gitlab
   module QA
-    VERSION = '5.13.3'.freeze
+    VERSION = '5.14.0'.freeze
   end
 end

metadata

@@ -1,14 +1,14 @@
 --- !ruby/object:Gem::Specification
 name: gitlab-qa
 version: !ruby/object:Gem::Version
-  version: 5.13.3
+  version: 5.14.0
 platform: ruby
 authors:
 - Grzegorz Bizon
 autorequire: 
 bindir: exe
 cert_chain: []
-date: 2020-05-29 00:00:00.000000000 Z
+date: 2020-06-14 00:00:00.000000000 Z
 dependencies:
 - !ruby/object:Gem::Dependency
   name: climate_control
@@ -237,6 +237,7 @@ files:
 - fixtures/ldap/tanuki.ldif
 - gitlab-qa.gemspec
 - lib/gitlab/qa.rb
+- lib/gitlab/qa/component/base.rb
 - lib/gitlab/qa/component/elasticsearch.rb
 - lib/gitlab/qa/component/gitlab.rb
 - lib/gitlab/qa/component/internet_tunnel.rb
@@ -263,10 +264,12 @@ files:
 - lib/gitlab/qa/reporter.rb
 - lib/gitlab/qa/runner.rb
 - lib/gitlab/qa/runtime/env.rb
+- lib/gitlab/qa/runtime/scenario.rb
 - lib/gitlab/qa/runtime/token_finder.rb
 - lib/gitlab/qa/scenario/actable.rb
 - lib/gitlab/qa/scenario/cli_commands.rb
 - lib/gitlab/qa/scenario/template.rb
+- lib/gitlab/qa/scenario/test/instance/airgapped.rb
 - lib/gitlab/qa/scenario/test/instance/any.rb
 - lib/gitlab/qa/scenario/test/instance/deployment_base.rb
 - lib/gitlab/qa/scenario/test/instance/geo.rb
@@ -327,7 +330,7 @@ required_rubygems_version: !ruby/object:Gem::Requirement
     - !ruby/object:Gem::Version
       version: '0'
 requirements: []
-rubygems_version: 3.1.3
+rubygems_version: 3.1.4
 signing_key: 
 specification_version: 4
 summary: Integration tests for GitLab