gitlab-qa 5.13.6 → 5.16.0

data/lib/gitlab/qa/component/saml.rb

@@ -6,22 +6,9 @@ require 'securerandom'
 module Gitlab
   module QA
     module Component
-      class SAML
-        include Scenario::Actable
-
-        SAML_IMAGE = 'jamedjo/test-saml-idp'.freeze
-        SAML_IMAGE_TAG = 'latest'.freeze
-
-        attr_reader :docker
-        attr_accessor :volumes, :network, :environment
-        attr_writer :name
-
-        def initialize
-          @docker = Docker::Engine.new
-          @environment = {}
-          @volumes = {}
-          @network_aliases = []
-        end
+      class SAML < Base
+        DOCKER_IMAGE = 'jamedjo/test-saml-idp'.freeze
+        DOCKER_IMAGE_TAG = 'latest'.freeze
 
         def set_entity_id(entity_id)
           @environment['SIMPLESAMLPHP_SP_ENTITY_ID'] = entity_id
@@ -31,18 +18,10 @@ module Gitlab
           @environment['SIMPLESAMLPHP_SP_ASSERTION_CONSUMER_SERVICE'] = assertion_con_service
         end
 
-        def add_network_alias(name)
-          @network_aliases.push(name)
-        end
-
         def name
           @name ||= "saml-qa-idp"
         end
 
-        def hostname
-          "#{name}.#{network}"
-        end
-
         def group_name
           @group_name ||= "saml_sso_group-#{SecureRandom.hex(4)}"
         end
@@ -50,25 +29,12 @@ module Gitlab
         def instance
           raise 'Please provide a block!' unless block_given?
 
-          prepare
-          start
-
-          yield self
-        ensure
-          teardown
-        end
-
-        def prepare
-          pull
-
-          return if @docker.network_exists?(network)
-
-          @docker.network_create(network)
+          super
         end
 
         # rubocop:disable Metrics/AbcSize
         def start
-          docker.run(SAML_IMAGE, SAML_IMAGE_TAG) do |command|
+          docker.run(image, tag) do |command|
             command << '-d '
             command << "--name #{name}"
             command << "--net #{network}"
@@ -91,21 +57,6 @@ module Gitlab
         end
         # rubocop:enable Metrics/AbcSize
 
-        def restart
-          @docker.restart(name)
-        end
-
-        def teardown
-          raise 'Invalid instance name!' unless name
-
-          @docker.stop(name)
-          @docker.remove(name)
-        end
-
-        def pull
-          @docker.pull(SAML_IMAGE, SAML_IMAGE_TAG)
-        end
-
         def set_sandbox_name(sandbox_name)
           ::Gitlab::QA::Runtime::Env.gitlab_sandbox_name = sandbox_name
         end

data/lib/gitlab/qa/component/specs.rb

@@ -8,7 +8,7 @@ module Gitlab
       # the `qa/` directory located in GitLab CE / EE repositories.
       #
       class Specs < Scenario::Template
-        attr_accessor :suite, :release, :network, :args, :volumes, :env
+        attr_accessor :suite, :release, :network, :args, :volumes, :env, :runner_network
 
         def initialize
           @docker = Docker::Engine.new
@@ -17,18 +17,11 @@ module Gitlab
         end
 
         def perform # rubocop:disable Metrics/AbcSize
+          return puts "Skipping tests." if skip_tests?
+
           raise ArgumentError unless [suite, release].all?
 
-          if release.dev_gitlab_org?
-            Docker::Command.execute(
-              [
-                'login',
-                '--username gitlab-qa-bot',
-                %(--password "#{Runtime::Env.dev_access_token_variable}"),
-                QA::Release::DEV_REGISTRY
-              ]
-            )
-          end
+          @docker.login(**release.login_params) if release.login_params
 
           puts "Running test suite `#{suite}` for #{release.project_name}"
 
@@ -51,6 +44,12 @@ module Gitlab
             command.name(name)
           end
         end
+
+        private
+
+        def skip_tests?
+          Runtime::Scenario.attributes.include?(:run_tests) && !Runtime::Scenario.run_tests
+        end
       end
     end
   end

data/lib/gitlab/qa/docker/command.rb

@@ -4,8 +4,9 @@ module Gitlab
       class Command
         attr_reader :args
 
-        def initialize(cmd = nil)
+        def initialize(cmd = nil, mask_secrets: nil)
           @args = Array(cmd)
+          @mask_secrets = Array(mask_secrets)
         end
 
         def <<(*args)
@@ -28,6 +29,17 @@ module Gitlab
           "docker #{@args.join(' ')}"
         end
 
+        # Returns a masked string form of a Command
+        #
+        # @example
+        #   Command.new('a docker command', mask_secrets: 'command').mask_secrets #=> 'a docker *****'
+        #   Command.new('a docker command', mask_secrets: %w[docker command]).mask_secrets #=> 'a ***** *****'
+        #
+        # @return [String] The masked command string
+        def mask_secrets
+          @mask_secrets.each_with_object(to_s) { |secret, s| s.gsub!(secret, '*****') }
+        end
+
         def ==(other)
           to_s == other.to_s
         end
@@ -36,8 +48,8 @@ module Gitlab
           Docker::Shellout.new(self).execute!(&block)
         end
 
-        def self.execute(cmd, &block)
-          new(cmd).execute!(&block)
+        def self.execute(cmd, mask_secrets: nil, &block)
+          new(cmd, mask_secrets: mask_secrets).execute!(&block)
         end
       end
     end

data/lib/gitlab/qa/docker/engine.rb

@@ -3,11 +3,16 @@ module Gitlab
     module Docker
       class Engine
         DOCKER_HOST = ENV['DOCKER_HOST'] || 'http://localhost'
+        PRIVILEGED_COMMANDS = [/^iptables.*/].freeze
 
         def hostname
           URI(DOCKER_HOST).host
         end
 
+        def login(username:, password:, registry:)
+          Docker::Command.execute(%(login --username "#{username}" --password "#{password}" #{registry}), mask_secrets: password)
+        end
+
         def pull(image, tag)
           Docker::Command.execute("pull #{image}:#{tag}")
         end
@@ -23,8 +28,18 @@ module Gitlab
           end
         end
 
+        def privileged_command?(command)
+          PRIVILEGED_COMMANDS.each do |privileged_regex|
+            return true if command.match(privileged_regex)
+          end
+
+          false
+        end
+
         def exec(name, command)
-          Docker::Command.execute("exec #{name} bash -c '#{command}'")
+          cmd = ['exec']
+          cmd << '--privileged' if privileged_command?(command)
+          Docker::Command.execute("#{cmd.join(' ')} #{name} bash -c '#{command}'")
         end
 
         def read_file(image, tag, path, &block)
@@ -63,6 +78,14 @@ module Gitlab
         def port(name, port)
           Docker::Command.execute("port #{name} #{port}/tcp")
         end
+
+        def running?(name)
+          Docker::Command.execute("ps -f name=#{name}").include?(name)
+        end
+
+        def ps(name = nil)
+          Docker::Command.execute(['ps', name].compact.join(' '))
+        end
       end
     end
   end

data/lib/gitlab/qa/docker/shellout.rb

@@ -10,7 +10,7 @@ module Gitlab
           @command = command
           @output = []
 
-          puts "Docker shell command: `#{@command}`"
+          puts "Docker shell command: `#{@command.mask_secrets}`"
         end
 
         def execute!
@@ -28,7 +28,7 @@ module Gitlab
             end
 
             if wait.value.exited? && wait.value.exitstatus.nonzero?
-              raise StatusError, "Docker command `#{@command}` failed!"
+              raise StatusError, "Docker command `#{@command.mask_secrets}` failed!"
             end
           end
 

data/lib/gitlab/qa/release.rb

@@ -135,6 +135,35 @@ module Gitlab
         end
       end
 
+      def login_params
+        return if Runtime::Env.skip_pull?
+
+        if dev_gitlab_org?
+          Runtime::Env.require_qa_dev_access_token!
+
+          {
+            username: Runtime::Env.gitlab_dev_username,
+            password: Runtime::Env.dev_access_token_variable,
+            registry: DEV_REGISTRY
+          }
+        elsif omnibus_mirror?
+          username, password = if Runtime::Env.ci_job_token && Runtime::Env.ci_pipeline_source == 'pipeline'
+                                 ['gitlab-ci-token', Runtime::Env.ci_job_token]
+                               elsif Runtime::Env.qa_container_registry_access_token
+                                 [Runtime::Env.gitlab_username, Runtime::Env.qa_container_registry_access_token]
+                               else
+                                 Runtime::Env.require_qa_access_token!
+
+                                 [Runtime::Env.gitlab_username, Runtime::Env.qa_access_token]
+                               end
+          {
+            username: username,
+            password: password,
+            registry: COM_REGISTRY
+          }
+        end
+      end
+
       def dev_gitlab_org?
         image.start_with?(DEV_REGISTRY)
       end
@@ -147,6 +176,10 @@ module Gitlab
         canonical? || release.match?(CUSTOM_GITLAB_IMAGE_REGEX)
       end
 
+      def api_project_name
+        project_name.gsub('ce', 'foss').gsub('-ee', '')
+      end
+
       private
 
       def canonical?

data/lib/gitlab/qa/runner.rb

@@ -4,22 +4,20 @@ module Gitlab
   module QA
     # rubocop:disable Metrics/AbcSize
     class Runner
-      # These options are implemented in the QA framework (i.e., in the CE/EE codebase)
-      # They're included here so that gitlab-qa treats them as valid options
-      PASS_THROUGH_OPTS = [
-        ['--address URL', 'Address of the instance to test'],
-        ['--enable-feature FEATURE_FLAG', 'Enable a feature before running tests'],
-        ['--mattermost-address URL', 'Address of the Mattermost server'],
-        ['--parallel', 'Execute tests in parallel'],
-        ['--loop', 'Execute tests in a loop']
-      ].freeze
-
       def self.run(args)
-        options = OptionParser.new do |opts|
+        Runtime::Scenario.define(:teardown, true)
+        Runtime::Scenario.define(:run_tests, true)
+
+        @options = OptionParser.new do |opts|
           opts.banner = 'Usage: gitlab-qa [options] Scenario URL [[--] path] [rspec_options]'
 
-          PASS_THROUGH_OPTS.each do |opt|
-            opts.on(*opt)
+          opts.on('--no-teardown', 'Skip teardown of containers after the scenario completes.') do
+            Runtime::Scenario.define(:teardown, false)
+          end
+
+          opts.on('--no-tests', 'Orchestrates the docker containers but does not run the tests. Implies --no-teardown') do
+            Runtime::Scenario.define(:run_tests, false)
+            Runtime::Scenario.define(:teardown, false)
           end
 
           opts.on_tail('-v', '--version', 'Show the version') do
@@ -33,19 +31,29 @@ module Gitlab
             exit
           end
 
-          opts.parse(args)
+          begin
+            opts.parse(args)
+          rescue OptionParser::InvalidOption
+            # Ignore invalid options and options that are passed through to the tests
+          end
         end
 
+        args.reject! { |arg| gitlab_qa_options.include?(arg) }
+
         if args.size >= 1
           Scenario
             .const_get(args.shift)
             .perform(*args)
         else
-          puts options
+          puts @options
           exit 1
         end
       end
       # rubocop:enable Metrics/AbcSize
+
+      def self.gitlab_qa_options
+        @gitlab_qa_options ||= @options.top.list.map(&:long).flatten
+      end
     end
   end
 end

data/lib/gitlab/qa/runtime/env.rb

@@ -38,6 +38,7 @@ module Gitlab
           'SIGNUP_DISABLED' => :signup_disabled,
           'QA_ADDITIONAL_REPOSITORY_STORAGE' => :qa_additional_repository_storage,
           'QA_PRAEFECT_REPOSITORY_STORAGE' => :qa_praefect_repository_storage,
+          'QA_GITALY_NON_CLUSTER_STORAGE' => :qa_gitaly_non_cluster_storage,
           'QA_COOKIES' => :qa_cookie,
           'QA_DEBUG' => :qa_debug,
           'QA_LOG_PATH' => :qa_log_path,
@@ -84,18 +85,38 @@ module Gitlab
           send(:attr_accessor, accessor) # rubocop:disable GitlabSecurity/PublicSend
         end
 
+        def gitlab_username
+          ENV['GITLAB_USERNAME'] || 'gitlab-qa'
+        end
+
+        def gitlab_dev_username
+          ENV['GITLAB_DEV_USERNAME'] || 'gitlab-qa-bot'
+        end
+
         def gitlab_api_base
           ENV['GITLAB_API_BASE'] || 'https://gitlab.com/api/v4'
         end
 
+        def gitlab_bot_multi_project_pipeline_polling_token
+          ENV['GITLAB_BOT_MULTI_PROJECT_PIPELINE_POLLING_TOKEN']
+        end
+
         def ci_job_name
           ENV['CI_JOB_NAME']
         end
 
+        def ci_job_token
+          ENV['CI_JOB_TOKEN']
+        end
+
         def ci_job_url
           ENV['CI_JOB_URL']
         end
 
+        def ci_pipeline_source
+          ENV['CI_PIPELINE_SOURCE']
+        end
+
         def ci_project_name
           ENV['CI_PROJECT_NAME']
         end
@@ -132,6 +153,10 @@ module Gitlab
           ENV['GITLAB_QA_DEV_ACCESS_TOKEN']
         end
 
+        def qa_container_registry_access_token
+          ENV['GITLAB_QA_CONTAINER_REGISTRY_ACCESS_TOKEN']
+        end
+
         def host_artifacts_dir
           @host_artifacts_dir ||= File.join(ENV['QA_ARTIFACTS_DIR'] || '/tmp/gitlab-qa', Runtime::Env.run_id)
         end
@@ -196,7 +221,7 @@ module Gitlab
         end
 
         def skip_pull?
-          (ENV['QA_SKIP_PULL'] =~ /^(false|no|0)$/i) != 0
+          enabled?(ENV['QA_SKIP_PULL'], default: false)
         end
 
         def gitlab_qa_formless_login_token
@@ -205,6 +230,12 @@ module Gitlab
 
         private
 
+        def enabled?(value, default: true)
+          return default if value.nil?
+
+          (value =~ /^(false|no|0)$/i) != 0
+        end
+
         def env_value_if_defined(variable)
           # Pass through the variables if they are defined in the environment
           return "$#{variable}" if ENV[variable]

data/lib/gitlab/qa/runtime/scenario.rb

@@ -0,0 +1,36 @@
+# frozen_string_literal: true
+
+module Gitlab
+  module QA
+    module Runtime
+      ##
+      # Singleton approach to global test scenario arguments.
+      #
+      module Scenario
+        extend self
+
+        def attributes
+          @attributes ||= {}
+        end
+
+        def define(attribute, value)
+          attributes.store(attribute.to_sym, value)
+
+          define_singleton_method(attribute) do
+            attributes[attribute.to_sym].tap do |value|
+              if value.to_s.empty?
+                raise ArgumentError, "Empty `#{attribute}` attribute!"
+              end
+            end
+          end
+        end
+
+        # rubocop:disable Style/MethodMissing
+        def method_missing(name, *)
+          raise ArgumentError, "Scenario attribute `#{name}` not defined!"
+        end
+        # rubocop:enable Style/MethodMissing
+      end
+    end
+  end
+end