gitlab-qa 8.14.0 → 8.15.0

checksums.yaml

@@ -1,7 +1,7 @@
 ---
 SHA256:
-  metadata.gz: 222f774a1b76d96311b8f50d198073376ec3a1c3728a85c181df3c7334635cc2
-  data.tar.gz: 76038a8e5fb395209798fae12d58b29b297d4ea7b62b1227867b48547fa832e8
+  metadata.gz: 6f8235a7dbc3c61a6f538089128dc4a5ba7219c435a2fd107b9be7a7f8e79a23
+  data.tar.gz: 3ce7fbdcc46f5f7b7a25e87af2b681c8ef314c48afef9a7e0c139361dcfed7bc
 SHA512:
-  metadata.gz: b52cf9e0f2e4ac6b7650c08cbbdc20428cf97dcb8ec4425c10d5b20c5b0b60c324336f6b39c82c01ff6ccb3a0ecc934204288dc76ceb1f677dfb7f55da73fca5
-  data.tar.gz: e315e743dfd37f56cde0e7eff20ae757a7bb8f254cdea861871f22fffb36e58061bbe93a213036207efc685899ad04886374e7fd497ea4bf4b31251d1b1c0071
+  metadata.gz: a44d2a6d39df421e02e6dcb96b41aa32a53a65366f983e853376bde2c6b0e17ab1099ccd1b675c4c0b4b93e2bdd94bf661fff2e02edf8e68d43a7e2535ae756c
+  data.tar.gz: 919565630e715538ed4867339a27e553d90a80b3185b1caab4303aa65ef026a882f3fbb6446cbf5eb0e95944659da6adf6270ba2ecece62b85e60117248d9aee

data/.gitlab/ci/jobs/airgapped.gitlab-ci.yml

@@ -5,9 +5,10 @@ ce:airgapped:
     - .high-capacity
     - .ce-variables
     - .rspec-report-opts
+  parallel: 10
   variables:
     QA_SCENARIO: "Test::Instance::Airgapped"
-    QA_RSPEC_TAGS: "--tag smoke"
+    QA_RSPEC_TAGS: "--tag '~github' --tag '~skip_live_env'"
 
 ee:airgapped:
   extends:
@@ -16,8 +17,7 @@ ee:airgapped:
     - .high-capacity
     - .ee-variables
     - .rspec-report-opts
+  parallel: 10
   variables:
     QA_SCENARIO: "Test::Instance::Airgapped"
-    QA_RSPEC_TAGS: "--tag smoke"
-
-
+    QA_RSPEC_TAGS: "--tag '~github' --tag '~skip_live_env'"

data/Gemfile.lock

@@ -1,7 +1,7 @@
 PATH
   remote: .
   specs:
-    gitlab-qa (8.14.0)
+    gitlab-qa (8.15.0)
       activesupport (~> 6.1)
       gitlab (~> 4.18.0)
       http (~> 5.0)
@@ -102,7 +102,7 @@ GEM
       rubocop-rails (~> 2.9)
       rubocop-rspec (~> 1.44)
     hashdiff (1.0.1)
-    http (5.1.0)
+    http (5.1.1)
       addressable (~> 2.8)
       http-cookie (~> 1.0)
       http-form_data (~> 2.2)
@@ -120,6 +120,7 @@ GEM
       rexml
     kramdown-parser-gfm (1.1.0)
       kramdown (~> 2.0)
+    lefthook (1.2.6)
     llhttp-ffi (0.4.0)
       ffi-compiler (~> 1.0)
       rake (~> 13.0)
@@ -240,6 +241,7 @@ DEPENDENCIES
   gitlab-dangerfiles (~> 2.11)
   gitlab-qa!
   gitlab-styles (~> 6.2.1)
+  lefthook (~> 1.2.6)
   pry (~> 0.11)
   rake (~> 13.0)
   rspec (~> 3.7)

data/docs/developer/http_mocking.md

@@ -0,0 +1,28 @@
+# HTTP mocking
+
+Some scenario types might require mocking third party services. [Mock server](../../lib/gitlab/qa/component/mock_server.rb) component
+can be used for that. It is based on simple http mock server called [smocker](https://smocker.dev/).
+
+## Using
+
+Simple usage example:
+
+```ruby
+Component::Gitlab.perform do |gitlab|
+  gitlab.network = 'test'
+  gitlab.instance do
+    Component::MockServer.perform do |mock|
+      mock.network = gitlab.network
+      mock.instance do
+        Component::Specs.perform do
+          ...
+        end
+      end
+    end
+  end
+end
+```
+
+Mock server will be accessible from within gitlab or qa test container via `http://smocker.test` url and admin interface will be
+accessible via `http://smocker.test:8081`. Refer to [Getting Started](https://smocker.dev/guide/getting-started.html) guide on
+how to use the server and define mocked requests and responses.

data/docs/developer/ssl.md

@@ -0,0 +1,32 @@
+# SSL
+
+## Enabling https for services
+
+In order to test services with ssl enabled, `certificate authority (CA)` certs as well as applicant key pairs have been created and are
+located in [tls_certificates/](../../tls_certificates/) folder.
+
+**All certificates are used for testing purposes only and are not present in any of release images.**
+
+## Generating new key pairs
+
+To create new key pair for a new service, following commands can be used:
+
+* creating new private key:
+
+```console
+$ cd tls_certificates && mkdir service && cd service
+```
+
+```console
+$ openssl genrsa -out service.key 4096
+```
+
+* creating public key and `certificate signing request (CSR)`
+
+```console
+$ openssl req -new -key service.key -out service.csr -subj "/C=US/ST=California/L=San Francisco/O=Gitlab Authors/CN=service.test" -addext "subjectAltName=DNS:service.test,DNS:extra.service.test"
+```
+
+```console
+$ openssl x509 -req -days 3650 -in service.csr -CA ../authority/ca.crt -CAkey ../authority/ca.key -set_serial 1 -out service.crt -extfile <(printf "subjectAltName=DNS:service.test,DNS:extra.service.test")
+```

data/docs/developer/style_guide.md

@@ -0,0 +1,29 @@
+# Style Guide
+
+## RuboCop rule development guide
+
+Our codebase style is defined and enforced by [RuboCop](https://github.com/rubocop/rubocop).
+
+You can check for any offenses locally with `bundle exec rubocop --parallel`.
+On the CI, this is automatically checked by the `rubocop` jobs in the `check` stage.
+
+### Lefthook
+
+[Lefthook](https://github.com/evilmartians/lefthook) is a Git hooks manager that allows
+custom logic to be executed prior to Git committing or pushing. GitLab comes with
+Lefthook configuration (`lefthook.yml`), but it must be installed.
+
+We have a `lefthook.yml` checked in but it is ignored until Lefthook is installed.
+
+### Install Lefthook
+
+   ```shell
+   # Install the `lefthook` Ruby gem:
+   bundle install
+   # Initialize the lefthook config and adds to .git/hooks dir
+   bundle exec lefthook install
+   # Verify hook execution works as expected
+   bundle exec lefthook run pre-push
+   ```
+
+For a detailed guide on left hook configuration see https://github.com/evilmartians/lefthook/blob/master/docs/configuration.md

data/gitlab-qa.gemspec

@@ -23,6 +23,7 @@ Gem::Specification.new do |spec|
   spec.add_development_dependency 'climate_control', '~> 1.0.1'
   spec.add_development_dependency 'gitlab-dangerfiles', '~> 2.11'
   spec.add_development_dependency 'gitlab-styles', '~> 6.2.1'
+  spec.add_development_dependency 'lefthook', '~> 1.2.6'
   spec.add_development_dependency 'pry', '~> 0.11'
   spec.add_development_dependency 'rake', '~> 13.0'
   spec.add_development_dependency 'rspec', '~> 3.7'

data/lefthook.yml

@@ -0,0 +1,12 @@
+# EXAMPLE USAGE:
+
+#   Refer for explanation to following link:
+#   https://github.com/evilmartians/lefthook/blob/master/docs/configuration.md
+#
+ pre-push:
+   commands:
+     rubocop:
+       tags: backend style
+       files: git diff --name-only --diff-filter=d $(git merge-base origin/master HEAD)..HEAD
+       glob: '*.{rb,rake}'
+       run: REVEAL_RUBOCOP_TODO=0 bundle exec rubocop --parallel --force-exclusion {files}

data/lib/gitlab/qa/component/alpine.rb

@@ -0,0 +1,36 @@
+# frozen_string_literal: true
+
+require "securerandom"
+
+module Gitlab
+  module QA
+    module Component
+      # Generic helper component running alpine linux image
+      # Useful for populating volumes beforehand or running any other action that requires a running container
+      # and has to be performed before main component containers are started
+      #
+      class Alpine < Base
+        DOCKER_IMAGE = "alpine"
+        DOCKER_IMAGE_TAG = "latest"
+
+        def name
+          @name ||= "alpine-#{SecureRandom.hex(4)}"
+        end
+
+        def start
+          docker.run(image: image, tag: tag, args: ["tail", "-f", "/dev/null"]) do |command|
+            command << "-d"
+            command << "--name #{name}"
+
+            volumes.each { |to, from| command.volume(to, from, 'Z') }
+            environment.each { |key, value| command.env(key, value) }
+          end
+        end
+
+        def prepare
+          prepare_docker_container
+        end
+      end
+    end
+  end
+end

data/lib/gitlab/qa/component/base.rb

@@ -6,9 +6,18 @@ module Gitlab
       class Base
         include Scenario::Actable
 
+        CERTIFICATES_PATH = File.expand_path('../../../../tls_certificates', __dir__)
+
         attr_reader :docker
-        attr_accessor :volumes, :ports, :network, :environment, :runner_network, :airgapped_network
         attr_writer :name, :exec_commands
+        attr_accessor :volumes,
+                      :ports,
+                      :network,
+                      :network_aliases,
+                      :environment,
+                      :runner_network,
+                      :airgapped_network,
+                      :additional_hosts
 
         def initialize
           @docker = Docker::Engine.new
@@ -17,6 +26,7 @@ module Gitlab
           @ports = []
           @network_aliases = []
           @exec_commands = []
+          @additional_hosts = []
         end
 
         def add_network_alias(name)
@@ -74,18 +84,21 @@ module Gitlab
         def prepare_network
           prepare_airgapped_network
           prepare_runner_network
-
           return if docker.network_exists?(network)
 
           docker.network_create(network)
         end
 
         def prepare_airgapped_network
-          docker.network_create("--driver=bridge --internal #{network}") if airgapped_network && !docker.network_exists?(network)
+          return unless airgapped_network && !docker.network_exists?(network)
+
+          docker.network_create("--driver=bridge --internal #{network}")
         end
 
         def prepare_runner_network
-          docker.network_create("--driver=bridge --internal #{runner_network}") if runner_network && !docker.network_exists?(runner_network)
+          return unless runner_network && !docker.network_exists?(runner_network)
+
+          docker.network_create("--driver=bridge --internal #{runner_network}")
         end
 
         def prepare_docker_container
@@ -118,6 +131,10 @@ module Gitlab
             @network_aliases.to_a.each do |network_alias|
               command << "--network-alias #{network_alias}"
             end
+
+            @additional_hosts.each do |host|
+              command << "--add-host=#{host}"
+            end
           end
         end
 

data/lib/gitlab/qa/component/gitaly_cluster.rb

@@ -6,7 +6,7 @@ module Gitlab
       class GitalyCluster
         class GitalyClusterConfig
           attr_accessor :gitlab_name, :network, :airgapped_network,
-                        :praefect_node_name, :praefect_port,
+                        :praefect_node_name, :praefect_port, :praefect_ip,
                         :primary_node_name, :primary_node_port,
                         :secondary_node_name, :secondary_node_port,
                         :tertiary_node_name, :tertiary_node_port,
@@ -90,6 +90,7 @@ module Gitlab
           end
 
           @praefect_node = praefect(release)
+          config.praefect_ip = praefect_node.ip_address
           Runtime::Logger.info("Gitaly Cluster Ready")
         end
 

data/lib/gitlab/qa/component/gitlab.rb

@@ -16,17 +16,28 @@ module Gitlab
         extend Forwardable
         using Rainbow
 
-        attr_reader :release, :omnibus_configuration, :omnibus_gitlab_rails_env
-        attr_accessor :tls, :skip_availability_check, :runner_network, :seed_admin_token, :seed_db, :skip_server_hooks
+        attr_reader :release,
+                    :omnibus_configuration,
+                    :omnibus_gitlab_rails_env,
+                    :authority_volume,
+                    :ssl_volume
+
+        attr_accessor :tls,
+                      :skip_availability_check,
+                      :runner_network,
+                      :seed_admin_token,
+                      :seed_db,
+                      :skip_server_hooks,
+                      :gitaly_tls
+
         attr_writer :name, :relative_path
 
         def_delegators :release, :tag, :image, :edition
 
-        CERTIFICATES_PATH = File.expand_path('../../../../tls_certificates', __dir__)
         DATA_SEED_PATH = File.expand_path('../../../../support/data', __dir__)
 
-        SSL_PATH = '/etc/gitlab/ssl'
         TRUSTED_PATH = '/etc/gitlab/trusted-certs'
+        SSL_PATH = '/etc/gitlab/ssl'
         DATA_PATH = '/tmp/data-seeds'
 
         def initialize
@@ -34,17 +45,8 @@ module Gitlab
 
           @skip_availability_check = false
           @omnibus_gitlab_rails_env = {}
-
           @omnibus_configuration = Runtime::OmnibusConfiguration.new(Runtime::Scenario.omnibus_configuration)
-
-          @working_dir_tmp_cert_path = Dir.mktmpdir('certs', FileUtils.mkdir_p("#{Dir.pwd}/tmp"))
-          @authority_cert_path = "#{@working_dir_tmp_cert_path}/authority"
-          @gitlab_cert_path = "#{@working_dir_tmp_cert_path}/gitlab"
-          @gitaly_cert_path = "#{@working_dir_tmp_cert_path}/gitaly"
-
-          @volumes[@gitlab_cert_path] = SSL_PATH
-          @volumes[@authority_cert_path] = TRUSTED_PATH
-
+          @cert_volumes = { "authority" => TRUSTED_PATH, "gitlab-ssl" => SSL_PATH }
           @seed_admin_token = Runtime::Scenario.seed_admin_token
           @seed_db = Runtime::Scenario.seed_db
           @skip_server_hooks = Runtime::Scenario.skip_server_hooks
@@ -89,11 +91,6 @@ module Gitlab
           tls ? ["443:443"] : ["80"]
         end
 
-        def gitaly_tls
-          @volumes.delete(@gitlab_cert_path)
-          @volumes[@gitaly_cert_path] = SSL_PATH
-        end
-
         def relative_path
           @relative_path ||= ''
         end
@@ -109,12 +106,6 @@ module Gitlab
           super
         end
 
-        def teardown!
-          FileUtils.rm_rf(@working_dir_tmp_cert_path)
-
-          super
-        end
-
         def pull
           docker.login(**release.login_params) if release.login_params
 
@@ -146,7 +137,7 @@ module Gitlab
               command.port(mapping)
             end
 
-            @volumes.to_h.each do |to, from|
+            @volumes.to_h.merge(cert_volumes).each do |to, from|
               command.volume(to, from, 'Z')
             end
 
@@ -159,6 +150,10 @@ module Gitlab
             @network_aliases.to_a.each do |network_alias|
               command << "--network-alias #{network_alias}"
             end
+
+            @additional_hosts.each do |host|
+              command << "--add-host=#{host}"
+            end
           end
 
           return unless runner_network
@@ -239,19 +234,28 @@ module Gitlab
 
         private
 
+        attr_reader :cert_volumes
+
         def read_package_manifest
-          @docker.read_file(
-            @release.image, @release.tag,
-            '/opt/gitlab/version-manifest.json'
-          )
+          @docker.read_file(@release.image, @release.tag, '/opt/gitlab/version-manifest.json')
         end
 
-        # Copy certs to a temporary directory in current working directory.
-        # This is needed for docker-in-docker ci environments where mount points outside of build dir are not accessible
+        # Create cert files in separate volumes
+        #
+        # tls_certificates folder can't be mounted directly when remote docker context is used
+        # due to not having access to local dir
         #
         # @return [void]
         def copy_certificates
-          FileUtils.cp_r("#{CERTIFICATES_PATH}/.", @working_dir_tmp_cert_path)
+          Alpine.perform do |alpine|
+            alpine.volumes = cert_volumes
+
+            alpine.start_instance
+            docker.copy(alpine.name, "#{CERTIFICATES_PATH}/authority/.", TRUSTED_PATH)
+            docker.copy(alpine.name, "#{CERTIFICATES_PATH}/#{gitaly_tls ? 'gitaly' : 'gitlab'}/.", SSL_PATH)
+          ensure
+            alpine.teardown! # always remove container, even when global `--no-tests` flag was provided
+          end
         end
 
         def ensure_configured!

data/lib/gitlab/qa/component/mock_server.rb

@@ -3,6 +3,9 @@
 module Gitlab
   module QA
     module Component
+      # General purpose http mock server
+      # see: https://smocker.dev/
+      #
       class MockServer < Base
         DOCKER_IMAGE = "thiht/smocker"
         DOCKER_IMAGE_TAG = "0.18.2"
@@ -10,11 +13,45 @@ module Gitlab
         def initialize
           super
 
-          @ports = %w[8080 8081]
-          @name = "smocker-server"
+          @tls = false
+          @name = "smocker"
+          @tls_path = "/etc/smocker/tls"
+          @ports = [80, 8081]
+          @environment = { "SMOCKER_MOCK_SERVER_LISTEN_PORT" => 80 }
         end
 
         attr_reader :name
+        attr_writer :tls
+
+        def prepare
+          super
+
+          setup_tls if tls
+        end
+
+        private
+
+        attr_reader :tls_path, :tls
+
+        def setup_tls
+          @volumes = { "smocker-ssl" => tls_path }
+          @ports = [443, 8081]
+          @environment = {
+            "SMOCKER_MOCK_SERVER_LISTEN_PORT" => 443,
+            "SMOCKER_TLS_ENABLE" => "true",
+            "SMOCKER_TLS_CERT_FILE" => "#{@tls_path}/smocker.crt",
+            "SMOCKER_TLS_PRIVATE_KEY_FILE" => "#{@tls_path}/smocker.key"
+          }
+
+          Alpine.perform do |alpine|
+            alpine.volumes = volumes
+
+            alpine.start_instance
+            docker.copy(alpine.name, "#{CERTIFICATES_PATH}/smocker/.", tls_path)
+          ensure
+            alpine.teardown! # always remove container, even when global `--no-tests` flag was provided
+          end
+        end
       end
     end
   end

data/lib/gitlab/qa/runtime/env.rb

@@ -39,7 +39,6 @@ module Gitlab
           'QA_EXPORT_TEST_METRICS' => :qa_export_test_metrics,
           'QA_INFLUXDB_URL' => :qa_influxdb_url,
           'QA_INFLUXDB_TOKEN' => :qa_influxdb_token,
-          'QA_RUN_TYPE' => :qa_run_type,
           'QA_SKIP_PULL' => :qa_skip_pull,
           'QA_VALIDATE_RESOURCE_REUSE' => :qa_validate_resource_reuse,
           'GITLAB_API_BASE' => :api_base,

data/lib/gitlab/qa/scenario/test/instance/airgapped.rb

@@ -7,31 +7,38 @@ module Gitlab
         module Instance
           class Airgapped < Scenario::Template
             require 'resolv'
-            attr_reader :config, :gitlab_air_gap_commands
+            attr_reader :config, :gitlab_air_gap_commands, :iptables_restricted_network, :airgapped_network_name
 
             def initialize
+              # Uses https://docs.docker.com/engine/reference/commandline/network_create/#network-internal-mode
+              @airgapped_network_name = 'airgapped'
+              # Uses iptables to deny all network traffic, with a number of exceptions for required ports and IPs
+              @iptables_restricted_network = 'test'
               @config = Component::GitalyCluster::GitalyClusterConfig.new(
+                gitlab_name: "gitlab-airgapped-#{SecureRandom.hex(4)}",
                 airgapped_network: true,
-                network: 'airgapped'
+                network: airgapped_network_name
               )
             end
 
             def perform(release, *rspec_args)
               Component::Gitlab.perform do |gitlab|
-                cluster = Component::GitalyCluster.perform do |cluster|
+                Component::GitalyCluster.perform do |cluster|
                   cluster.config = @config
-                  cluster.instance
+                  cluster.release = release
+                  # we need to get an IP for praefect before proceeding so it cannot be run in parallel with gitlab
+                  cluster.instance(true).join
                 end
                 gitlab.name = config.gitlab_name
                 gitlab.release = release
-                gitlab.airgapped_network = true
-                gitlab.network = config.network
+                gitlab.network = iptables_restricted_network # we use iptables to restrict access on the gitlab instance
+                gitlab.runner_network = config.network
+                gitlab.exec_commands = airgap_gitlab_commands
+                gitlab.skip_availability_check = true
                 gitlab.omnibus_configuration << gitlab_omnibus_configuration
-                gitlab.skip_availability_check = true # airgapped environment cannot be pinged to check health
                 rspec_args << "--" unless rspec_args.include?('--')
                 rspec_args << %w[--tag ~orchestrated]
                 gitlab.instance do
-                  cluster.join
                   Component::Specs.perform do |specs|
                     specs.suite = 'Test::Instance::Airgapped'
                     specs.release = gitlab.release
@@ -45,9 +52,55 @@ module Gitlab
 
             private
 
+            def airgap_gitlab_commands
+              gitlab_ip = Resolv.getaddress('gitlab.com')
+              gitlab_registry_ip = Resolv.getaddress(QA::Release::COM_REGISTRY)
+              dev_gitlab_registry_ip = Resolv.getaddress(QA::Release::DEV_REGISTRY.split(':')[0])
+              praefect_ip = config.praefect_ip
+              @commands = <<~AIRGAP_AND_VERIFY_COMMAND.split(/\n+/)
+                # Should not fail before airgapping due to eg. DNS failure
+                # Ping and wget check
+                apt-get update && apt-get install -y iptables ncat
+                if ncat -zv -w 10 #{gitlab_ip} 80; then echo 'Airgapped connectivity check passed.'; else echo 'Airgapped connectivity check failed - should be able to access gitlab_ip'; exit 1; fi;
+
+                echo "Checking regular connectivity..." \
+                  && wget --retry-connrefused --waitretry=1 --read-timeout=15 --timeout=10 -t 2 http://registry.gitlab.com > /dev/null 2>&1 \
+                  && (echo "Regular connectivity wget check passed." && exit 0) || (echo "Regular connectivity wget check failed." && exit 1)
+
+                iptables -P INPUT DROP && iptables -P OUTPUT DROP
+                iptables -A INPUT -i lo -j ACCEPT && iptables -A OUTPUT -o lo -j ACCEPT # LOOPBACK
+                iptables -I INPUT -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT
+                iptables -A FORWARD -m conntrack --ctstate RELATED,ESTABLISHED -j ACCEPT
+
+                # Jenkins on port 8080 and 50000
+                iptables -A OUTPUT -p tcp -m tcp --dport 8080 -m state --state NEW,ESTABLISHED -j ACCEPT \
+                  && iptables -A OUTPUT -p tcp -m tcp --dport 50000 -m state --state NEW,ESTABLISHED -j ACCEPT
+                iptables -A OUTPUT -p tcp -m tcp --sport 22 -m state --state NEW,ESTABLISHED -j ACCEPT
+                iptables -A INPUT -p tcp -m tcp --dport 22 -m state --state NEW,ESTABLISHED -j ACCEPT
+                iptables -A OUTPUT -p tcp -m tcp --sport 80 -m state --state NEW,ESTABLISHED -j ACCEPT
+                iptables -A INPUT -p tcp -m tcp --dport 80 -m state --state NEW,ESTABLISHED -j ACCEPT
+
+                # some exceptions to allow runners access network https://gitlab.com/gitlab-org/gitlab-qa/-/issues/700 
+                iptables -A OUTPUT -p tcp -d  #{gitlab_registry_ip} -j ACCEPT
+                iptables -A OUTPUT -p tcp -d  #{dev_gitlab_registry_ip} -j ACCEPT
+                # allow access to praefect node 
+                iptables -A OUTPUT -p tcp -d #{praefect_ip} -j ACCEPT
+
+                # Should now fail to ping gitlab_ip, port 22/80 should be open
+                if ncat -zv -w 10 #{gitlab_ip} 80; then echo 'Airgapped connectivity check failed - should not be able to access gitlab_ip'; exit 1; else echo 'Airgapped connectivity check passed.'; fi;
+                if ncat -zv -w 10 127.0.0.1 22; then echo 'Airgapped connectivity port 22 check passed.'; else echo 'Airgapped connectivity port 22 check failed.'; exit 1;  fi;
+                if ncat -zv -w 10 127.0.0.1 80; then echo 'Airgapped connectivity port 80 check passed.'; else echo 'Airgapped connectivity port 80 check failed.'; exit 1 ; fi;
+                if ncat -zv -w 10 #{gitlab_registry_ip} 80; then echo 'Airgapped connectivity port gitlab_registry_ip check passed.'; else echo 'Airgapped connectivity port 80 check failed.'; exit 1; fi;
+
+                echo "Checking airgapped connectivity..." \
+                  && wget --retry-connrefused --waitretry=1 --read-timeout=15 --timeout=10 -t 2 http://registry.gitlab.com > /dev/null 2>&1 \
+                  && (echo "Airgapped network faulty. Connectivity wget check failed." && exit 1) || (echo "Airgapped network confirmed. Connectivity wget check passed." && exit 0)
+              AIRGAP_AND_VERIFY_COMMAND
+            end
+
             def gitlab_omnibus_configuration
               <<~OMNIBUS
-                external_url 'http://#{config.gitlab_name}.#{config.network}';
+                external_url 'http://#{config.gitlab_name}.#{iptables_restricted_network}';
 
                 git_data_dirs({
                   'default' => {

data/lib/gitlab/qa/scenario/test/integration/gitaly_cluster.rb

@@ -21,7 +21,10 @@ module Gitlab
                 gitlab.name = config.gitlab_name
                 gitlab.network = config.network
                 gitlab.omnibus_configuration << gitlab_omnibus_configuration
-                cluster = Component::GitalyCluster.perform(&:instance)
+                cluster = Component::GitalyCluster.perform do |cluster|
+                  cluster.release = release
+                  cluster.instance
+                end
                 gitlab.instance do
                   cluster.join
                   Runtime::Logger.info('Running Gitaly Cluster specs!')

data/lib/gitlab/qa/scenario/test/integration/import.rb

@@ -14,10 +14,13 @@ module Gitlab
           #
           class Import < Scenario::Template
             def initialize
-              @source_gitlab = Component::Gitlab.new
-              @target_gitlab = Component::Gitlab.new
-              @mock_server = Component::MockServer.new
               @network = "test"
+              @source_gitlab = Component::Gitlab.new.tap { |gitlab| gitlab.network = @network }
+              @target_gitlab = Component::Gitlab.new.tap { |gitlab| gitlab.network = @network }
+              @mock_server = Component::MockServer.new.tap do |server|
+                server.network = @network
+                server.tls = true
+              end
             end
 
             attr_reader :source_gitlab, :target_gitlab, :mock_server, :network
@@ -39,11 +42,7 @@ module Gitlab
             #
             # @return [void]
             def start_mock_server
-              mock_server.tap do |server|
-                server.network = network
-
-                server.start_instance
-              end
+              mock_server.start_instance
             end
 
             # Start gitlab instance
@@ -52,14 +51,19 @@ module Gitlab
             # @return [void]
             def start_gitlab_instances(release)
               instances = [
-                { instance: source_gitlab, name: "import-source" },
-                { instance: target_gitlab, name: "import-target" }
+                { instance: source_gitlab, name: "import-source", additional_hosts: [] },
+                {
+                  instance: target_gitlab,
+                  name: "import-target",
+                  additional_hosts: ["api.github.com:#{mock_server.ip_address}"]
+                }
               ]
+
               ::Parallel.each(instances, in_threads: 2) do |gitlab_instance|
                 gitlab_instance[:instance].tap do |gitlab|
                   gitlab.name = gitlab_instance[:name]
-                  gitlab.network = network
                   gitlab.release = release
+                  gitlab.additional_hosts = gitlab_instance[:additional_hosts]
                   gitlab.seed_admin_token = true
 
                   gitlab.start_instance
@@ -76,8 +80,12 @@ module Gitlab
                 specs.suite = "Test::Integration::Import"
                 specs.release = target_gitlab.release
                 specs.network = network
-                specs.env = { "QA_IMPORT_SOURCE_URL" => source_gitlab.address, "QA_ALLOW_LOCAL_REQUESTS" => "true" }
                 specs.args = [target_gitlab.address, *rspec_args]
+                specs.env = {
+                  "QA_ALLOW_LOCAL_REQUESTS" => "true",
+                  "QA_IMPORT_SOURCE_URL" => source_gitlab.address,
+                  "QA_SMOCKER_HOST" => mock_server.hostname
+                }
               end
             end
           end

data/lib/gitlab/qa/scenario/test/integration/mtls.rb

@@ -16,44 +16,57 @@ module Gitlab
             end
 
             def perform(release, *rspec_args)
-              Component::Gitlab.perform do |gitaly|
-                gitaly.release = QA::Release.new(release)
-                gitaly.name = @gitaly_name
-                gitaly.network = @network
-                gitaly.skip_availability_check = true
-                gitaly.seed_admin_token = false
-
-                gitaly.omnibus_configuration << gitaly_omnibus
-                gitaly.gitaly_tls
-
-                gitaly.instance do
-                  Component::Gitlab.perform do |gitlab|
-                    gitlab.release = QA::Release.new(release)
-                    gitlab.name = @gitlab_name
-                    gitlab.network = @network
-
-                    gitlab.omnibus_configuration << gitlab_omnibus
-                    gitlab.tls = true
-
-                    gitlab.instance do
-                      Runtime::Logger.info("Running mTLS specs!")
-
-                      if @tag
-                        rspec_args << "--" unless rspec_args.include?('--')
-                        rspec_args << "--tag" << @tag
-                      end
-
-                      Component::Specs.perform do |specs|
-                        specs.suite = @spec_suite
-                        specs.release = gitlab.release
-                        specs.network = gitlab.network
-                        specs.args = [gitlab.address, *rspec_args]
-                        specs.env = @env
-                      end
-                    end
+              # You can create 2 networks with the same 'human friendly' name if you run network create in parallel
+              # However this causes 'ambiguous network' errors, so lets just create network manually earlier
+              # see https://github.com/moby/moby/issues/18864#issuecomment-167006094
+              # and also api docs https://github.com/moby/moby/blob/master/docs/api/v1.42.yaml#L9932-L9941
+              docker = Docker::Engine.new
+              docker.network_create(@network) unless docker.network_exists?(@network)
+
+              gitaly_thread = Thread.new do
+                Thread.current.abort_on_exception = true
+                @gitaly_node = Component::Gitlab.perform do |gitaly|
+                  gitaly.release = QA::Release.new(release)
+                  gitaly.name = @gitaly_name
+                  gitaly.network = @network
+                  gitaly.skip_availability_check = true
+                  gitaly.seed_admin_token = false
+
+                  gitaly.omnibus_configuration << gitaly_omnibus
+                  gitaly.gitaly_tls = true
+
+                  gitaly.instance(skip_teardown: true)
+                end
+              end
+
+              Component::Gitlab.perform do |gitlab|
+                gitlab.release = QA::Release.new(release)
+                gitlab.name = @gitlab_name
+                gitlab.network = @network
+
+                gitlab.omnibus_configuration << gitlab_omnibus
+                gitlab.tls = true
+
+                gitlab.instance do
+                  gitaly_thread.join
+                  Runtime::Logger.info("Running mTLS specs!")
+
+                  if @tag
+                    rspec_args << "--" unless rspec_args.include?('--')
+                    rspec_args << "--tag" << @tag
+                  end
+
+                  Component::Specs.perform do |specs|
+                    specs.suite = @spec_suite
+                    specs.release = gitlab.release
+                    specs.network = gitlab.network
+                    specs.args = [gitlab.address, *rspec_args]
+                    specs.env = @env
                   end
                 end
               end
+            ensure
+              @gitaly_node&.teardown
             end
 
             def gitlab_omnibus

data/lib/gitlab/qa/version.rb

@@ -2,6 +2,6 @@
 
 module Gitlab
   module QA
-    VERSION = '8.14.0'
+    VERSION = '8.15.0'
   end
 end

data/tls_certificates/smocker/smocker.crt

@@ -0,0 +1,31 @@
+-----BEGIN CERTIFICATE-----
+MIIFZzCCA0+gAwIBAgIBATANBgkqhkiG9w0BAQsFADBVMQswCQYDVQQGEwJVUzET
+MBEGA1UECAwKQ2FsaWZvcm5pYTEWMBQGA1UEBwwNU2FuIEZyYW5jaXNjbzEZMBcG
+A1UECgwQR2l0TGFiIEF1dGhvcml0eTAeFw0yMzAxMDIxMDEyNDRaFw0zMjEyMzAx
+MDEyNDRaMGwxCzAJBgNVBAYTAlVTMRMwEQYDVQQIDApDYWxpZm9ybmlhMRYwFAYD
+VQQHDA1TYW4gRnJhbmNpc2NvMRcwFQYDVQQKDA5HaXRsYWIgQXV0aG9yczEXMBUG
+A1UEAwwOYXBpLmdpdGh1Yi5jb20wggIiMA0GCSqGSIb3DQEBAQUAA4ICDwAwggIK
+AoICAQC8cKxIATD8EaMSUoKMNhLTsQ/iawXBXR+r0BKWjzF6TxdYYlyU/tnH5TJA
+43uUIJDrO1l5vdFMrZ9XemzN8qF/lUpTc3fnFQNE998NzZzdG3Do3hOTayTRYlje
+7PxB3Y8ekpbCqW5lJkR9fC/T8CTAog0wK8wIn0wCgBwiuM1IPzMutYGUZgxAnw2h
+zIHCF68mfZhqiKG3ZcKSwQct2FL5/9ZcC71AkxopK0YBOLn7rReEhC8PwOIWdxD4
+EyB3Hd4sxzT9ZOOSwyXO/FAQFBioHmeI6CxS4BOOBK8KDGGZ1gvIQq2OHYNxqzXB
+iJ5zYEMqXr9dV0zKZ0+0EuNZEEO7TwW2WnbiFDlBzGIXjBVSPc26pQjFnC5YniPb
+cKC+J7pkZtbiWlo59WFvtLe/FRTiN+64pNXKiMeGBbKduYOANcNj1IO7Vi6o5ln8
+s4tilAe4TJNiIMyKBGoP7X+UiEfa1fCgZ8qVBqDWxNupjU1K3T8VCH1rBRJUaotJ
+N3yw41uhVPjLpx6HBN1fbXqYEkDoEpDRVCWtoIxVQRu9JtVH3KHvRSdmt1Kv+vBL
+7uEbLeD6hNrC5GpLiikV6I1HQUxM7vzAlBmz1doOVTyp/9VpQbPrsd2F6kuL3/xO
+7KUD3U0xZh6dRUEx+PuCenGYZVcQot4q94dv3ocdo1J60n2DkwIDAQABoyswKTAn
+BgNVHREEIDAegg5hcGkuZ2l0aHViLmNvbYIMc21vY2tlci50ZXN0MA0GCSqGSIb3
+DQEBCwUAA4ICAQA8CzfqD5QsM2/Kz79b4JDhfUafp8oOJdufjiQxCjRn9qZuEqtT
+Qf5GEjEPnV8FH6Oux8qTxWMQQLGdDHzQ217jUtvqdpDog1v+QPVRkoPeP+QTQSfK
+kC+ANGdDt+dbzyRM8b7pxz5KcyMwHHZitAKE2f1xf1gbc70RiJDmif+W4B8lcaWG
+IGoQPB8kAAMhV9r91u49Em3+jKXrhw8J5JBZG7t9006N1ix6ZkocvDqI3mSE9KeY
+dgVzSQdz6KK9BtezqZjpYdRwAJEeoOABsnP7rnTQjDUNb2G/53TOmypORAZXm8sn
+VLuFtP+IymsfFzsSI1H9YhQqd8NN6bDWHH4vttVP1ZXnMZQ2sR4dTLoAkoSMziEF
+EUw24+KI3I9P/hSu6sUIO8WsDdQFV6BECrMrzTN7mIMAg7/JGYDU/LtD7dgeBTuy
+pdxzWVdnrp4WixyHunBuzHo8g8o1ZqHX+HZrfyD3ywTkoWuxoKf0aGpSCallS1Uz
+2+yRNSzZkEZKEWEljWrToFzazLN/4xRL9GtxGlKEU+xOX0of0LZ+Jx5xNI7iztka
+kPLtItClCEq3S1KixdoYE2Zjkkx17H3qu59zbYrXtF7/3C4UYDL29+Hv6E8YPnUM
+LXlvldSQN3MDScFEFYmT5uxvZcQVhU6TMljNL+qllRjQUj3Z3VTLkR3iiw==
+-----END CERTIFICATE-----

data/tls_certificates/smocker/smocker.csr

@@ -0,0 +1,29 @@
+-----BEGIN CERTIFICATE REQUEST-----
+MIIE6zCCAtMCAQAwbDELMAkGA1UEBhMCVVMxEzARBgNVBAgMCkNhbGlmb3JuaWEx
+FjAUBgNVBAcMDVNhbiBGcmFuY2lzY28xFzAVBgNVBAoMDkdpdGxhYiBBdXRob3Jz
+MRcwFQYDVQQDDA5hcGkuZ2l0aHViLmNvbTCCAiIwDQYJKoZIhvcNAQEBBQADggIP
+ADCCAgoCggIBALxwrEgBMPwRoxJSgow2EtOxD+JrBcFdH6vQEpaPMXpPF1hiXJT+
+2cflMkDje5QgkOs7WXm90Uytn1d6bM3yoX+VSlNzd+cVA0T33w3NnN0bcOjeE5Nr
+JNFiWN7s/EHdjx6SlsKpbmUmRH18L9PwJMCiDTArzAifTAKAHCK4zUg/My61gZRm
+DECfDaHMgcIXryZ9mGqIobdlwpLBBy3YUvn/1lwLvUCTGikrRgE4ufutF4SELw/A
+4hZ3EPgTIHcd3izHNP1k45LDJc78UBAUGKgeZ4joLFLgE44ErwoMYZnWC8hCrY4d
+g3GrNcGInnNgQypev11XTMpnT7QS41kQQ7tPBbZaduIUOUHMYheMFVI9zbqlCMWc
+LlieI9twoL4numRm1uJaWjn1YW+0t78VFOI37rik1cqIx4YFsp25g4A1w2PUg7tW
+LqjmWfyzi2KUB7hMk2IgzIoEag/tf5SIR9rV8KBnypUGoNbE26mNTUrdPxUIfWsF
+ElRqi0k3fLDjW6FU+MunHocE3V9tepgSQOgSkNFUJa2gjFVBG70m1Ufcoe9FJ2a3
+Uq/68Evu4Rst4PqE2sLkakuKKRXojUdBTEzu/MCUGbPV2g5VPKn/1WlBs+ux3YXq
+S4vf/E7spQPdTTFmHp1FQTH4+4J6cZhlVxCi3ir3h2/ehx2jUnrSfYOTAgMBAAGg
+OjA4BgkqhkiG9w0BCQ4xKzApMCcGA1UdEQQgMB6CDmFwaS5naXRodWIuY29tggxz
+bW9ja2VyLnRlc3QwDQYJKoZIhvcNAQELBQADggIBAENNxApAwNQsxmHa+q4ZjPax
+4uUb3Q2sQUqRZN2IAP+HDmlKy8scuhvvCkxuxC7rxZhupoEUR3MJoDAURLfIQLPu
+S3zj1H7iIsi1sY+HDaMKmgK22IudIV3WuVgYcs1bdYHUc+lp1k8Y+KHp80f/hzpU
+nkFVMsddzLglA8Kgt9zqER05iTxBoJfZYbLBzI31aPtmm/DUkAccU19ututbmmtk
+7XDcDp3FbsgbR/XtkrbuMJGvbs3nyQ6JXK9Mj4AHn+Iucs+mYBULyMYtNbGGCY5h
+AmJdScWAxCxDXEelUpml29dytqZCRBcvcdLwM4srP+VE5lbAkLcR0aETDeRAEshO
+wB8QMZXql8Tc1quKNOr0pxoJZSA0dIjv/tUap8HiuNeEYN0F938uWTb1TQHSs9Dt
+8d6/SXZZNZNw9xWoeBwdJE1TdcozGnXp6W93+BmGHkOib98FYRWO581Tv12v/x8V
+9Jys/wzTmH8xrjjHWYlRx+m3yFGMY+Ou0Ee0Tw3lSAOj5tY5IEliVm+c67K57HDY
+zhXajuiRfAXe4bsQN/FjvOJmLGxltEX1q01xWD9kP513LMLJSHQXOj/Iw9WZIBul
+zKVAWqpN4XyvPzu/QAymW95tYUb9ZmByUi9OXpfMuTipN6ogvI3XBEpGkPGVzbgR
+6ypgdzU8dPZyrsdb0A8s
+-----END CERTIFICATE REQUEST-----

data/tls_certificates/smocker/smocker.key

@@ -0,0 +1,51 @@
+-----BEGIN RSA PRIVATE KEY-----
+MIIJKgIBAAKCAgEAvHCsSAEw/BGjElKCjDYS07EP4msFwV0fq9ASlo8xek8XWGJc
+lP7Zx+UyQON7lCCQ6ztZeb3RTK2fV3pszfKhf5VKU3N35xUDRPffDc2c3Rtw6N4T
+k2sk0WJY3uz8Qd2PHpKWwqluZSZEfXwv0/AkwKINMCvMCJ9MAoAcIrjNSD8zLrWB
+lGYMQJ8NocyBwhevJn2Yaoiht2XCksEHLdhS+f/WXAu9QJMaKStGATi5+60XhIQv
+D8DiFncQ+BMgdx3eLMc0/WTjksMlzvxQEBQYqB5niOgsUuATjgSvCgxhmdYLyEKt
+jh2Dcas1wYiec2BDKl6/XVdMymdPtBLjWRBDu08Ftlp24hQ5QcxiF4wVUj3NuqUI
+xZwuWJ4j23Cgvie6ZGbW4lpaOfVhb7S3vxUU4jfuuKTVyojHhgWynbmDgDXDY9SD
+u1YuqOZZ/LOLYpQHuEyTYiDMigRqD+1/lIhH2tXwoGfKlQag1sTbqY1NSt0/FQh9
+awUSVGqLSTd8sONboVT4y6cehwTdX216mBJA6BKQ0VQlraCMVUEbvSbVR9yh70Un
+ZrdSr/rwS+7hGy3g+oTawuRqS4opFeiNR0FMTO78wJQZs9XaDlU8qf/VaUGz67Hd
+hepLi9/8TuylA91NMWYenUVBMfj7gnpxmGVXEKLeKveHb96HHaNSetJ9g5MCAwEA
+AQKCAgEAhMhQXZyZS8WRxwNlAi/ILGsD6mPHdm2MN6Eyt+zGzIyWwqzs2ACMrRKP
+yrGBDuuzsk3ryqE6rnFZambV7Hkf26ry6MLgpnBkEWEoR62u7w67DRwPZz2EgBZw
+0QTk6/SXOM/Kc/i31YaVlGbBvPHms+Z8rIjwCNNW2Bw1tzHJVTNTeYJkgJE36QEq
+texJMt9FiDXQBKGqcnS+GnLyABgCwC7Keam7/ZiqQoA/n/S8+N8LR1FtaAheR742
+stendMgTGjJ04GkLAwuHxMZ+FBZVGYHzKsGPGgbTQKuEO+xlieUOAFsbuJyLVrlx
+86G1JU+bhGunJLqzXZxWyWjV0phnYIpnN5k5NyfzZxnRr2jGAjYchdf9gbYMdTV6
+f8Zt4eeLnIKEHg0Td18xn23MQewu1ZUbUyqjRzcX4SswO837r51+CJTcTE/Gw5rE
+V+K+9c4Anp5trBrcZTWEuwQ0aeyPlsCbR7wPuapchP0RaI2g3SxnlvT9L8LZCn0p
+GTh84Fh5ddq1GqcLywGYEpWpGTzXOIyS5m9BrZvCdenofo5+oB7u/DBORcI3U8i8
+E3I5UgqKIqMBQlbfd+Z7RrkMaNxEzttK4ly/vusu7pHNaVa6wDyEiBTwhHoD7di+
+i7vE7y3YmoajB7zBbrhGTDNpHoZRaKVj6rtRklq0s41BonNVdaECggEBAPGowwBt
+7/+V97q9YpzeB6YVrx77lbc5G3Kk/3jo1+J4MaxRYAm3vPZidZfZFScYhdIaBs6d
+mvmcK4YMQESoSrd4rrk7t+Z9+cbs/rrTrLcMUu5luQ4gDyFlwscxZmdQG19nR/Xo
+vSRRAIJaDYpr2j3l9527CGevCpNx4xYTu/oEPNopJAfrA1/hF/l6qDcqWlmOQGON
+L0PVJIMjz9b7sGvtvXtgnGECXdPqN5gpm5CSMIovGVnh/iSC04y4tDQI1Dt5va7D
+gYq8pLyfNoVcV+YQJjRbX5t07rE7Ji8m9/sA313XRMg2EpnyJz3W2yLSFYpLj7m+
+8pJL5OJpGI/65K0CggEBAMefat4fHhymk4wP7xVep/Hoc4oc69gyIhWn2iqZRnQx
+WHUGP6zZMHVgxb2iPaxYo8bLDCQaga3RqGbDQ3TFOb6FZAtPooNMFWdFJxZe7BiB
+i7v+0I/jXExPlFhxtqY5yUNNlZrL4aEKl0EeQq1Y5gFPHjCeNxCOQSLCcOul+aY1
+2jN7m33ngyB0ulPZXDAOhNT/LdTxpp9Tgi98jDeVvxngA++i4QptjrWl+dPzrXL5
+924FU66qi8MS0SLNqu33dqkf5/TTII9g8fDNMlov2sqjlzoYhsutIIQfZXwCMA6D
+tZN6pLO34kWp6prhpC8eE5rjAk+Qqv8/gs3gfl8G0T8CggEBALc/YZ9RvkvxTIku
+UzjgpKwshT7ZSA5IH6gvtgnZhtsUiZZBnrG/wmqS/tjGpGOhFNjdI4xJttrQsbBU
+Wee2NfIqcVPFFQ6TOHTAAelp2e50Se689Dbh2JdasviZXS26cQdHKiou8j43rksq
+PlpYroWBfOL+kMEO2tYz5h83l7New0YrLEdUzppF9ggYGra6Rwjh9bGHve+SEL3g
+yhobgQxWmviTqgFl6gBn+wBHjM90C5q9XFvsIutMyV5MMVnD2CvBhTSgy/qIUeM2
+WAGIpJ6wYEgTgcxAPz/lum7G/gQ4BSkDtASd/D0AgwFBi6o75FmaMsKHKSoGoumN
+CDMl7YECggEAfuHdU4ID6cIXVpdqJ/MaXLCbf9YSMkDrWUhva1Qxa/lReFCYeI00
+N+diyL4u5TUSJHE7LleKxajVmTvTzIzvvyGaDXZ4nWvmztUtmxKKjqkI4F1+w3aI
+XBjY+b6Nkep4+sZ9qP6eU3Yf3cwWJYiz6XEYh16JMYS58hYVIDNHE1Z3cvHGS6iz
+uBV5uYIXDpSr6Zao0wkmF29E+Fn55frQlOnGlrK4x6ALbXop6YahYMtxcgUAw6yz
+WTLEq5J+avM4ARe+n+bycy/zmFNVBe4U62g/3zVnuF46pMAwCTp6wT8GUs9JkNH4
+iL8P15JEgY5kd7aC6X/SsJr10VY3/L6gkQKCAQEA0+mgZ9MW8wFqdjQyVZl/rKvo
+iHcUerjx2LZc1Ls6ccuztXW8oHmWarGY62A5G0JjI+bdjsCiF1szmBJiYpOE9RsJ
+i3+W1EAWnJgBmQmHBgnpgJVmniwwg1yxN6iEmcmj4Ina1bhSBItZo2z9BUSy/wFC
+1YLtdgs2CxDDPKPyUOnedYUxFXWnvSJwmG2RfIKHEMWA4eEK+Vn+39y9X6CPNrPy
+m58RnFTMHo7TP8z9oLResd0ysvW/6wNbyn+NRBc59sr79H5QuuJSENEFJ4xBoBC2
+mU29lDFXchZd4G96uEfkl7YnX/VzHdXxQQpWVXZRkBXR6rgJNfT+q2MKTtxFKw==
+-----END RSA PRIVATE KEY-----

metadata

@@ -1,14 +1,14 @@
 --- !ruby/object:Gem::Specification
 name: gitlab-qa
 version: !ruby/object:Gem::Version
-  version: 8.14.0
+  version: 8.15.0
 platform: ruby
 authors:
 - GitLab Quality
 autorequire: 
 bindir: exe
 cert_chain: []
-date: 2022-12-15 00:00:00.000000000 Z
+date: 2023-01-05 00:00:00.000000000 Z
 dependencies:
 - !ruby/object:Gem::Dependency
   name: climate_control
@@ -52,6 +52,20 @@ dependencies:
     - - "~>"
       - !ruby/object:Gem::Version
         version: 6.2.1
+- !ruby/object:Gem::Dependency
+  name: lefthook
+  requirement: !ruby/object:Gem::Requirement
+    requirements:
+    - - "~>"
+      - !ruby/object:Gem::Version
+        version: 1.2.6
+  type: :development
+  prerelease: false
+  version_requirements: !ruby/object:Gem::Requirement
+    requirements:
+    - - "~>"
+      - !ruby/object:Gem::Version
+        version: 1.2.6
 - !ruby/object:Gem::Dependency
   name: pry
   requirement: !ruby/object:Gem::Requirement
@@ -310,6 +324,9 @@ files:
 - docs/README.md
 - docs/architecture.md
 - docs/configuring_omnibus.md
+- docs/developer/http_mocking.md
+- docs/developer/ssl.md
+- docs/developer/style_guide.md
 - docs/how_it_works.md
 - docs/omnibus_configurations/license_mode.md
 - docs/release_process.md
@@ -325,7 +342,9 @@ files:
 - fixtures/ldap/3_add_groups.ldif
 - fixtures/ldap/tanuki.ldif
 - gitlab-qa.gemspec
+- lefthook.yml
 - lib/gitlab/qa.rb
+- lib/gitlab/qa/component/alpine.rb
 - lib/gitlab/qa/component/base.rb
 - lib/gitlab/qa/component/chaos.rb
 - lib/gitlab/qa/component/elasticsearch.rb
@@ -467,6 +486,9 @@ files:
 - tls_certificates/gitlab/gitlab.test.crt
 - tls_certificates/gitlab/gitlab.test.csr
 - tls_certificates/gitlab/gitlab.test.key
+- tls_certificates/smocker/smocker.crt
+- tls_certificates/smocker/smocker.csr
+- tls_certificates/smocker/smocker.key
 - tmp/.gitignore
 homepage: http://about.gitlab.com/
 licenses: