gitlab-qa 0.5.0 → 0.6.0

checksums.yaml

@@ -1,7 +1,7 @@
 ---
-SHA1:
-  metadata.gz: 1c2b6de72f64ffc8c5b1400cb9a96ddf6734ca74
-  data.tar.gz: da79c5ba4b2e2c6b2113213fce6ea51810979508
+SHA256:
+  metadata.gz: a621d1f6282fb329b8f8ae089a113b66b5129017b4dc352d9afa3d21ce4a00b4
+  data.tar.gz: 51ee39c46554f5c32869c8ab96e53a1671b79790d1ee954ef1de744501ba32d9
 SHA512:
-  metadata.gz: 8aa3ad66f489c2c4996e4dba9f937b6fef4fceced5ae2b4b2f2f9d25c5ff2b8d48d3ecf71ead553ded3e1efe8e7a632cbbf28063f5338b830e08e117d61c1572
-  data.tar.gz: 463dbd089d21e6b49627b40b7cbbe04ecbd6f961e6605f90ef2ab0cc2066eb79118f4efee447ac627de3187f3e772a8f07fe4f23713f1cf09f4fb09f4e57bfc8
+  metadata.gz: be2da63340fc7348cc62698396eb295490f4e8955ca7fe27b50c3a7098827c74261fb4e6b38981346a273a8f9edc04a26783ec5c279f244679cf60d4085e24f1
+  data.tar.gz: f5362769d30beeeca1295783ea201b63ce5e3901bc553aa810863968fd9ea8011eac7fa98481f4cbef1b58fa3b1a1d88feab985d0e6ec24c45ecde1ddfbc37a2

data/.gitignore

@@ -7,3 +7,4 @@
 /pkg/
 /spec/reports/
 /tmp/
+/.idea

data/.gitlab-ci.yml

@@ -5,6 +5,7 @@ stages:
   - check
   - sanity
   - test
+  - qa
 
 variables:
   TEST_IMAGE: registry.gitlab.com/gitlab-org/gitlab-build-images:gitlab-qa
@@ -15,6 +16,9 @@ variables:
 
 before_script:
   - bundle install
+  - if [ -n "$TRIGGERED_USER" ] && [ -n "$TRIGGER_SOURCE" ]; then
+      echo "Pipeline triggered by $TRIGGERED_USER at $TRIGGER_SOURCE";
+    fi
 
 check:rubocop:
   stage: check
@@ -37,8 +41,8 @@ check:rspec:
 .sanity: &sanity
   stage: sanity
   image: $TEST_IMAGE
-  except:
-    - triggers
+  only:
+    - schedules
   tags:
     - docker
 
@@ -55,55 +59,115 @@ ee:version:
 .test: &test
   stage: test
   image: $TEST_IMAGE
+  retry: 1
   tags:
     - docker
   artifacts:
     when: on_failure
     expire_in: 30d
     paths:
-      - screenshots/*.png
-      - logs/*.log
+      - screenshots/
+      - logs/
+
+.high-capacity: &high-capacity
+  tags:
+    - docker
+    - 7gb
+    - triggered-packages
 
 ce:instance:
-  script: bin/qa Test::Instance::Image ${RELEASE:=CE}
+    # Checking if the build is triggered for a EE image. In that case, we need
+    # not run CE specific tests. This doesn't apply to nightly/regular branch
+    # builds as RELEASE will not match gitlab-ce in those cases.
+  script:
+    - if $(echo ${RELEASE} | grep -q gitlab-ee); then exit 0; fi
+    - bin/qa Test::Instance::Image ${RELEASE:=CE}
   <<: *test
+  <<: *high-capacity
 
 ee:instance:
-  script: bin/qa Test::Instance::Image ${RELEASE:=EE}
+  script:
+    - if $(echo ${RELEASE} | grep -q gitlab-ce); then exit 0; fi
+    - bin/qa Test::Instance::Image ${RELEASE:=EE}
   <<: *test
+  <<: *high-capacity
 
 ce:image:
-  script: bin/qa Test::Omnibus::Image ${RELEASE:=CE}
+  script:
+    - if $(echo ${RELEASE} | grep -q gitlab-ee); then exit 0; fi
+    - bin/qa Test::Omnibus::Image ${RELEASE:=CE}
   <<: *test
 
 ee:image:
-  script: bin/qa Test::Omnibus::Image ${RELEASE:=EE}
+  script:
+    - if $(echo ${RELEASE} | grep -q gitlab-ce); then exit 0; fi
+    - bin/qa Test::Omnibus::Image ${RELEASE:=EE}
   <<: *test
 
 ce:update:
-  script: bin/qa Test::Omnibus::Update ${RELEASE:=CE}
+  script:
+    - if $(echo ${RELEASE} | grep -q gitlab-ee); then exit 0; fi
+    - bin/qa Test::Omnibus::Update ${RELEASE:=CE}
   <<: *test
+  <<: *high-capacity
 
 ee:update:
-  script: bin/qa Test::Omnibus::Update ${RELEASE:=EE}
+  script:
+    - if $(echo ${RELEASE} | grep -q gitlab-ce); then exit 0; fi
+    - bin/qa Test::Omnibus::Update ${RELEASE:=EE}
   <<: *test
+  <<: *high-capacity
 
 ce:upgrade:
-  script: bin/qa Test::Omnibus::Upgrade
+  script:
+    - if [[ $RELEASE ]]; then exit 0; fi
+    - bin/qa Test::Omnibus::Upgrade
   <<: *test
+  <<: *high-capacity
 
 ce:mattermost:
-  script: bin/qa Test::Integration::Mattermost ${RELEASE:=CE}
+  script:
+    - if $(echo ${RELEASE} | grep -q gitlab-ee); then exit 0; fi
+    - bin/qa Test::Integration::Mattermost ${RELEASE:=CE}
   <<: *test
+  <<: *high-capacity
 
 ee:mattermost:
-  script: bin/qa Test::Integration::Mattermost ${RELEASE:=EE}
+  script:
+    - if $(echo ${RELEASE} | grep -q gitlab-ce); then exit 0; fi
+    - bin/qa Test::Integration::Mattermost ${RELEASE:=EE}
   <<: *test
+  <<: *high-capacity
 
 ee:geo:
-  script: bin/qa Test::Integration::Geo ${RELEASE:=EE}
+  script:
+    - if $(echo ${RELEASE} | grep -q gitlab-ce); then exit 0; fi
+    - bin/qa Test::Integration::Geo ${RELEASE:=EE}
   <<: *test
-  tags:
-    - docker
-    - 7gb
-    - triggered-packages
+  <<: *high-capacity
+
+ce:ldap:
+  script:
+    - bin/qa Test::Integration::LDAP ${RELEASE:=CE}
+  <<: *test
+  <<: *high-capacity
+
+ee:ldap:
+  script:
+    - bin/qa Test::Integration::LDAP ${RELEASE:=EE}
+  <<: *test
+  <<: *high-capacity
+
+qa:staging:
+  script:
+    - if $(echo ${RELEASE} | grep -q gitlab-ce); then exit 0; fi
+    - export GITLAB_USERNAME="gitlab-qa"
+    - export GITLAB_PASSWORD="$GITLAB_QA_PASSWORD"
+    - unset EE_LICENSE
+    - bin/qa Test::Instance::Staging
+  <<: *test
+  retry: 0
+  stage: qa
+  when: manual
+  except:
+    - triggers

data/.rubocop.yml

@@ -1,26 +1,30 @@
-AllCops:
-  TargetRubyVersion: 2.3
+require:
+  # Due to a probably bug in rubocop (https://github.com/bbatsov/rubocop/issues/5251)
+  # we need to require rubocop-rspec a second time so that RSpec/FilePath does
+  # not fallback to Rails/FilePath.
+  - rubocop-rspec
 
-Style/Documentation:
-  Enabled: false
+inherit_gem:
+  gitlab-styles:
+    - rubocop-default.yml
 
-Style/ModuleFunction:
+Lint/ShadowingOuterLocalVariable:
   Enabled: false
 
-Style/SignalException:
-  Enabled: false
+Metrics/AbcSize:
+  Max: 18
 
-Lint/ShadowingOuterLocalVariable:
-  Enabled: false
+Metrics/MethodLength:
+  Max: 20
 
-Metrics/BlockLength:
+Rails:
   Enabled: false
 
-Style/FrozenStringLiteralComment:
+Style/ExtendSelf:
   Enabled: false
 
-Metrics/MethodLength:
-  Max: 20
+Style/ModuleFunction:
+  Enabled: false
 
-Metrics/AbcSize:
-  Max: 18
+Style/SignalException:
+  Enabled: false

data/README.md

@@ -14,9 +14,63 @@ The purpose of this test suite is to verify that all pieces do integrate well to
 
 See the [GitLab QA architecture](/docs/architecture.md).
 
+## Goals and objectives
+
+### GitLab QA tests running in the CI/CD environment
+
+GitLab QA is an automated end-to-end testing framework, which means that manual
+steps should not be needed to run GitLab QA test suite. This framework is
+CI/CD environment native, which means that we should add new features and tests
+when we are comfortable with running new code in the CI/CD environment.
+
+### GitLab QA test failure are reproducible locally
+
+Despite the fact that GitLab QA has been built to run in the CI/CD environment,
+it is really important to make it easy for developers to reproduce GitLab QA
+test failures locally. It is much easier to debug things locally, than in the
+CI/CD.
+
+To make it easier to reproduce test failures locally we have published
+`gitlab-qa` gem [on rubygems.org](https://rubygems.org/gems/gitlab-qa) and we
+are using exactly the same approach to run tests in the CI/CD environment.
+
+It means that using `gitlab-qa` CLI tool, that orchestrates test environment and
+runs GitLab QA test suite, is a reproducible way of running tests locally and
+in the CI/CD.
+
+It also means that we can not have a custom code in `.gitlab-ci.yml` to, for
+example, start new containers / services.
+
+### Test installation / deployment process too
+
+We distribute GitLab in a package (like Debian package or a Docker image) so
+we want to test installation process to ensure that our package is not broken.
+
+But we are also working on making GitLab be a cloud native product. This means
+that using Helm becomes a yet another installation / deployment process that we
+want to test with GitLab QA.
+
+Keeping in mind that we want to test our Kubernetes deployments is especially
+important with consideration of the need of testing changes in merge requests.
+
+### Testing changes in merge requests before the merge
+
+The ultimate goal of GitLab QA is to make it possible to test changes in
+merge requests, even before merging a code into the stable / master branch.
+
+### We can run tests against any instance of GitLab
+
+GitLab QA is a click-driven, black-box testing tool. We also use it to run
+tests against the staging, and we strive for making it useful for our users
+as well.
+
 ## How do we use it
 
-Currently we trigger test suite against GitLab Docker images created by Omnibus nightly.
+Currently we trigger test suite against GitLab Docker images created by Omnibus
+nightly.
+
+We also trigger GitLab QA pipelines whenever someone clicks `package-qa` manual
+action in a merge request.
 
 ## How can you use it
 
@@ -25,6 +79,10 @@ GitLab QA tool is published as a [Ruby Gem](https://rubygems.org/gems/gitlab-qa)
 You can install it with `gem install gitlab-qa`. It will expose a `gitlab-qa`
 command in your system.
 
+If you want to run the scenarios or develop them on Mac OS, please read
+[Mac OS specific documentation](/docs/macos.md) as there are caveats and things
+that may work differently.
+
 1. Run tests against a Docker image with GitLab:
 
     `gitlab-qa Test::Instance::Image CE|EE|<full image address>`
@@ -33,6 +91,12 @@ command in your system.
 
     `gitlab-qa Test::Integration::Mattermost CE|EE|<full image address>`
 
+1. Run tests agains a Docker image with GitLab Geo:
+
+    `export EE_LICENSE=$(cat /path/to/Geo.gitlab_license)`
+
+    `gitlab-qa Test::Integration::Geo EE`
+
 1. Test update process between two CE or EE subsequent versions:
 
     `gitlab-qa Test::Omnibus::Update CE|EE|<full image address>`
@@ -49,6 +113,13 @@ command in your system.
 
     `GITLAB_USERNAME=your_username GITLAB_PASSWORD=your_password gitlab-qa Test::Instance::Any EE latest https://staging.gitlab.com`
 
+### How to add new scenarios
+
+Scenarios (test cases) and scripts to run them are located in
+[CE](https://gitlab.com/gitlab-org/gitlab-ce/tree/master/qa) and
+[EE](https://gitlab.com/gitlab-org/gitlab-ee/tree/master/qa)
+repositories under qa/ directory, so please also check the documents there.
+
 ## How does it work?
 
 GitLab QA handles a few scenarios:
@@ -86,6 +157,17 @@ This scenario tests that GitLab instance works as expected when
 enabling the embedded Mattermost server (see `Test::Instance::Image`
 above).
 
+### `Test::Integration::LDAP CE|EE|<full image address>`
+
+This scenario tests that GitLab instance works as expected with an external
+LDAP server. The scenario spins up an OpenLDAP server, seeds users, and
+attempts to LDAP-related tests against a GitLab instance.
+
+In EE, both the GitLab standard and LDAP credentials are needed:
+
+1. The first is used to login as an Admin to enter in the EE license.
+2. The second is used to conduct LDAP-related tasks
+
 ### `Test::Instance::Any CE|EE|<full image address>`
 
 This scenario tests that the any GitLab instance works as expected by running
@@ -93,14 +175,19 @@ tests against it (see `Test::Instance::Image` above).
 
 ## Supported environment variables
 
-* `GITLAB_USERNAME` - username to use when signing in to GitLab
-* `GITLAB_PASSWORD` - password to use when signing in to GitLab
+* `GITLAB_USERNAME` - username to use when signing into GitLab
+* `GITLAB_PASSWORD` - password to use when signing into GitLab
+* `GITLAB_USER_TYPE` - type of user to use when signing into GitLab: standard (default), ldap
+* `GITLAB_LDAP_USERNAME` - LDAP username to use when signing into GitLab
+* `GITLAB_LDAP_PASSWORD` - LDAP password to use when signing into GitLab
+* `GITLAB_SANDBOX_NAME` - The sandbox group name test suite is going to use (default: `gitlab-qa-sandbox`)
 * `EE_LICENSE` - Enterprise Edition license
 * `QA_SCREENSHOTS_DIR` - Path to a directory where screenshots for failing tests
   will be saved (default: `/tmp/gitlab-qa/screenshots`)
 * `QA_LOGS_DIR` - Path to a directory where logs will be saved (default:
   `/tmp/gitlab-qa/logs`)
 * `DOCKER_HOST` - Docker host to run tests against (default: `http://localhost`)
+* `CHROME_HEADLESS` - when running locally, set to `false` to allow Chrome tests to be visible - watch your tests being run
 
 ## Contributing
 

data/docs/macos.md

@@ -0,0 +1,114 @@
+# Run Geo QA tests against your Geo GDK setup
+
+Run from the `gdk-ee/gitlab/qa` directory with GDK primary and secondary running:
+
+```
+# Run in the background
+bin/qa QA::EE::Scenario::Test::Geo --primary-address http://localhost:3001 --secondary-address http://localhost:3002 --primary-name primary --secondary-name secondary --without-setup
+
+# Run in visible Chrome browser
+CHROME_HEADLESS=false bin/qa QA::EE::Scenario::Test::Geo --primary-address http://localhost:3001 --secondary-address http://localhost:3002 --primary-name primary --secondary-name secondary --without-setup
+```
+
+# QA Tool support on macOS
+
+Most of our development for GitLab is done on macOS. This brings some challenges as Docker on
+macOS doesn't have feature parity with it's Linux conterpart.
+
+There are two ways of running Docker on a Mac. Use a docker-machine provisioned virtual-machine
+or use "native" Docker GUI based support.
+
+When using docker-machine you can run your machines in the cloud or locally using something like
+VirtualBox. This brings some extra options on how to expose network between macOS and the Linux
+host VM, but requires extra steps like mapping `$DOCKER_HOST`, booting up and down the VMs with
+docker-machine and possibly customizing network settings in the virtualization platform of choice.
+
+Native Docker bundles it's own lightweight virtualization technology that works just like VirtualBox,
+but without requiring manual intervention. This provides less opportunity to customize network between
+docker containers and the host machine, but works out of the box when mapping container ports to ports 
+on localhost.
+
+The major difference is that it never exposes the network as `bridge` to macOS, and so `--hostname` 
+and `--network` only work inside docker, it has no effect when trying to access the containers from macOS.
+
+There are people in Docker's forum that claim to be able to [expose the network][Docker Route]
+when using a mix of docker-machine and `route` CLI command.
+
+When using the `route` command to expose the internet network, you still need to glue the DNS part.
+There is another tool called [dnsdock][dnsdock] that may do the trick. That means you need to change
+your DNS and point to the IP/port of `dnsdock` application.
+
+# Docker on macOS caveats
+
+When using OS X Docker, you need to go to Preferences > Advanced and allocate at least **5.0 GB**,
+otherwise some steps may fail to execute the `chrome-webdriver`.
+
+When using docker-machine, see [this StackOverflow link for increasing memory]
+(https://stackoverflow.com/questions/32834082/how-to-increase-docker-machine-memory-mac/36982696#36982696).
+
+This is required because chrome-webdriver makes use of `/dev/shm` shared memory. The VM will normally use
+~ 3Gb but unless you allocate 5.0 or more some magic numbers may not enable a bigger /dev/shm in the
+'host' VM that "native" docker runs on.
+
+Please note that while it's possible to run multi-node tests like Geo Primary and Secondary, you can't
+access the machines from your host machine, as they are all exposed as `0.0.0.0:port`, and because
+of that they don't match the configured VHOSTs in your GitLab installation, so the redirect login
+fails.
+
+It has to do with the lack of `bridge` support from Docker on macOS, also this is also something 
+Docker Inc [doesn't want to fix][Docker bridge issue].
+
+To see if this limitation is still present, check the [documentation][Docker Networking].
+
+## Workarounds
+
+One possible workaround to connect to a multi-node environment like Geo, is to run a reverse proxy on your
+development machine that maps the VHOST to `localhost:port`, changing to the ports listed in `docker ps`.
+
+You first need to map the hostnames to the local ip:
+
+Edit the `/etc/hosts` file
+```
+127.0.0.1 gitlab-primary.geo gitlab-secondary.geo
+```
+We are going to use [caddyserver](https://caddyserver.com/) in this example. You can install caddy with `brew install caddy`.
+
+After booting-up your containers, list the assigned ports:
+
+```bash
+$ docker ps
+
+CONTAINER ID        IMAGE                      COMMAND             CREATED             STATUS                                     PORTS                                    NAMES
+d28cc97870b4        gitlab/gitlab-ee:nightly   "/assets/wrapper"   1 second ago        Up Less than a second (health: starting)   22/tcp, 443/tcp, 0.0.0.0:32775->80/tcp   gitlab-secondary
+41f86bb951c5        gitlab/gitlab-ee:nightly   "/assets/wrapper"   2 minutes ago       Up 2 minutes (healthy)                     22/tcp, 443/tcp, 0.0.0.0:32774->80/tcp   gitlab-primary
+```
+
+Create a Caddyfile, mapping the VHOSTs with the `localhost:port` combination:
+
+```
+http://gitlab-primary.geo {
+  proxy / localhost:32774 {
+    transparent
+  }
+}
+
+http://gitlab-secondary.geo {
+  proxy / localhost:32775 {
+    transparent
+  }
+}
+```
+
+And run caddy:
+
+```bash
+caddy -conf Caddyfile
+```
+
+You should be able to use your navigator and point it to `http://gitlab-primary.geo` or `http://gitlab-secondary.geo`.
+
+[Docker Route]: https://forums.docker.com/t/access-container-from-dev-machine-by-ip-dns-name/24631/5
+[Docker Networking]: https://docs.docker.com/docker-for-mac/networking/#known-limitations-use-cases-and-workarounds
+[Docker bridge issue]: https://github.com/moby/moby/issues/22753#issuecomment-253534261
+[dnsdock]: https://github.com/aacebedo/dnsdock
+

data/fixtures/ldap/tanuki.ldif

@@ -0,0 +1,16 @@
+dn: uid=tanuki,dc=example,dc=org
+changetype: add
+uid: tanuki
+cn: tanuki
+sn: 3
+objectClass: top
+objectClass: posixAccount
+objectClass: inetOrgPerson
+loginShell: /bin/bash
+homeDirectory: /home/tanuki
+uidNumber: 14583102
+gidNumber: 14564100
+# hashed value for 'password'
+userPassword: {SSHA}ICMhr6Jxt5bk2awD7HL7GxRTM3BZ1pFI
+mail: tanuki@example.org
+gecos: Tanuki User

data/gitlab-qa.gemspec

@@ -18,9 +18,11 @@ Gem::Specification.new do |spec|
   spec.executables   = spec.files.grep(%r{^exe/}) { |f| File.basename(f) }
   spec.require_paths = ['lib']
 
-  spec.add_development_dependency 'bundler', '~> 1.16'
+  # Some dependencies are pinned, to prevent new cops from breaking the CI pipelines
+  spec.add_development_dependency 'gitlab-styles', '2.2.0'
   spec.add_development_dependency 'pry', '~> 0.11'
   spec.add_development_dependency 'rake', '~> 12.2'
   spec.add_development_dependency 'rspec', '~> 3.7'
-  spec.add_development_dependency 'rubocop', '~> 0.51'
+  spec.add_development_dependency 'rubocop', '0.52.0'
+  spec.add_development_dependency 'rubocop-rspec', '1.20.1'
 end

data/lib/gitlab/qa.rb

@@ -14,8 +14,9 @@ module Gitlab
 
       module Test
         module Instance
-          autoload :Image, 'qa/scenario/test/instance/image'
           autoload :Any, 'qa/scenario/test/instance/any'
+          autoload :Image, 'qa/scenario/test/instance/image'
+          autoload :Staging, 'qa/scenario/test/instance/staging'
         end
 
         module Omnibus
@@ -25,8 +26,9 @@ module Gitlab
         end
 
         module Integration
-          autoload :Mattermost, 'qa/scenario/test/integration/mattermost'
           autoload :Geo, 'qa/scenario/test/integration/geo'
+          autoload :LDAP, 'qa/scenario/test/integration/ldap'
+          autoload :Mattermost, 'qa/scenario/test/integration/mattermost'
         end
 
         module Sanity
@@ -37,12 +39,14 @@ module Gitlab
 
     module Component
       autoload :Gitlab, 'qa/component/gitlab'
+      autoload :LDAP, 'qa/component/ldap'
       autoload :Specs, 'qa/component/specs'
+      autoload :Staging, 'qa/component/staging'
     end
 
     module Docker
-      autoload :Engine, 'qa/docker/engine'
       autoload :Command, 'qa/docker/command'
+      autoload :Engine, 'qa/docker/engine'
       autoload :Shellout, 'qa/docker/shellout'
       autoload :Volumes, 'qa/docker/volumes'
     end

data/lib/gitlab/qa/component/gitlab.rb

@@ -10,8 +10,6 @@ module Gitlab
         extend Forwardable
         include Scenario::Actable
 
-        # rubocop:disable Style/Semicolon
-
         attr_reader :release, :docker
         attr_accessor :volumes, :network, :environment
         attr_writer :name
@@ -54,7 +52,10 @@ module Gitlab
         def instance
           raise 'Please provide a block!' unless block_given?
 
-          prepare; start; reconfigure; wait
+          prepare
+          start
+          reconfigure
+          wait
 
           yield self
 
@@ -65,11 +66,11 @@ module Gitlab
           @docker.pull(image, tag)
 
           return if @docker.network_exists?(network)
+
           @docker.network_create(network)
         end
 
-        # rubocop:disable Metrics/AbcSize
-        def start
+        def start # rubocop:disable Metrics/AbcSize
           ensure_configured!
 
           docker.run(image, tag) do |command|
@@ -79,11 +80,15 @@ module Gitlab
             command << "--hostname #{hostname}"
 
             @volumes.to_h.each do |to, from|
-              command << "--volume #{to}:#{from}:Z"
+              command.volume(to, from, 'Z')
+            end
+
+            File.join(Runtime::Env.logs_dir, name).tap do |logs_dir|
+              command.volume(logs_dir, '/var/log/gitlab', 'Z')
             end
 
             @environment.to_h.each do |key, value|
-              command << %(--env #{key}="#{value}")
+              command.env(key, value)
             end
 
             @network_aliases.to_a.each do |network_alias|
@@ -137,11 +142,8 @@ module Gitlab
 
         private
 
-        # rubocop:disable Style/GuardClause
         def ensure_configured!
-          unless [name, release, network].all?
-            raise 'Please configure an instance first!'
-          end
+          raise 'Please configure an instance first!' unless [name, release, network].all?
         end
 
         class Availability

data/lib/gitlab/qa/component/ldap.rb

@@ -0,0 +1,159 @@
+require 'securerandom'
+
+# This component sets up the docker-openldap (https://github.com/osixia/docker-openldap)
+# image with the proper configuration for GitLab users to login.
+#
+# By default, the docker-openldap image configures the Docker image with a
+# default admin user in the example.org domain. This user does not have a uid
+# attribute that GitLab needs to authenticate, so we seed the LDAP server with
+# a "tanuki" user via a LDIF file in the fixtures/ldap directory.
+#
+# The docker-openldap container has a startup script
+# (https://github.com/osixia/docker-openldap/blob/v1.1.11/image/service/slapd/startup.sh#L74-L78)
+# that looks for custom LDIF files in the BOOTSTRAP_LDIF directory. Note that the LDIF
+# files must have a "changetype" option specified for the script to work.
+module Gitlab
+  module QA
+    module Component
+      class LDAP
+        include Scenario::Actable
+
+        LDAP_IMAGE = 'osixia/openldap'.freeze
+        LDAP_IMAGE_TAG = 'latest'.freeze
+        LDAP_DOMAIN = 'example.org'.freeze
+        ADMIN_USER = 'admin'.freeze
+        ADMIN_PASSWORD = 'admin'.freeze
+        LDAP_USER = 'tanuki'.freeze
+        LDAP_PASSWORD = 'password'.freeze
+        LDAP_PORT = 389
+        BASE_DN = 'dc=example,dc=org'.freeze
+        BIND_DN = 'cn=admin,dc=example,dc=org'.freeze
+        BOOTSTRAP_LDIF = '/container/service/slapd/assets/config/bootstrap/ldif/custom'.freeze
+        GROUP_BASE = 'ou=groups,dc=example,dc=org'.freeze
+        ADMIN_GROUP = 'admin'.freeze
+        FIXTURE_PATH = File.expand_path('../../../../fixtures/ldap'.freeze, __dir__)
+
+        attr_reader :docker
+        attr_accessor :volumes, :network, :environment
+        attr_writer :name
+
+        def initialize
+          @docker = Docker::Engine.new
+          @environment = {}
+          @volumes = {}
+          @network_aliases = []
+
+          @volumes[FIXTURE_PATH] = BOOTSTRAP_LDIF
+        end
+
+        def enable_tls(status)
+          @environment['LDAP_TLS'] = 'false' unless status
+        end
+
+        def username
+          LDAP_USER
+        end
+
+        def password
+          LDAP_PASSWORD
+        end
+
+        def add_network_alias(name)
+          @network_aliases.push(name)
+        end
+
+        def name
+          @name ||= "openldap-#{SecureRandom.hex(4)}"
+        end
+
+        def hostname
+          "#{name}.#{network}"
+        end
+
+        def instance
+          raise 'Please provide a block!' unless block_given?
+
+          prepare
+          start
+
+          yield self
+
+          teardown
+        end
+
+        def prepare
+          @docker.pull(LDAP_IMAGE, LDAP_IMAGE_TAG)
+
+          return if @docker.network_exists?(network)
+
+          @docker.network_create(network)
+        end
+
+        def start
+          # copy-service needed for bootstraping LDAP user:
+          # https://github.com/osixia/docker-openldap#seed-ldap-database-with-ldif
+          docker.run(LDAP_IMAGE, LDAP_IMAGE_TAG, '--copy-service') do |command|
+            command << '-d '
+            command << "--name #{name}"
+            command << "--net #{network}"
+            command << "--hostname #{hostname}"
+
+            @volumes.to_h.each do |to, from|
+              command.volume(to, from, 'Z')
+            end
+
+            @environment.to_h.each do |key, value|
+              command.env(key, value)
+            end
+
+            @network_aliases.to_a.each do |network_alias|
+              command << "--network-alias #{network_alias}"
+            end
+          end
+        end
+
+        def restart
+          @docker.restart(name)
+        end
+
+        def teardown
+          raise 'Invalid instance name!' unless name
+
+          @docker.stop(name)
+          @docker.remove(name)
+        end
+
+        def pull
+          @docker.pull(LDAP_IMAGE, LDAP_IMAGE_TAG)
+        end
+
+        def to_config
+          config = YAML.safe_load <<~CFG
+            main:
+              label: LDAP
+              host: #{hostname}
+              port: #{LDAP_PORT}
+              uid: 'uid'
+              bind_dn: #{BIND_DN}
+              password: #{ADMIN_PASSWORD}
+              method: 'plain'
+              base: #{BASE_DN}
+              user_filter: ''
+              group_base: #{GROUP_BASE}
+              admin_group: #{ADMIN_GROUP}
+              external_groups: ''
+              sync_ssh_keys: false
+          CFG
+
+          # Quotes get eaten up when the string is set in the environment
+          config.to_s.gsub("\"", "\\\"")
+        end
+
+        def set_gitlab_credentials
+          ::Gitlab::QA::Runtime::Env.ldap_username = username
+          ::Gitlab::QA::Runtime::Env.ldap_password = password
+        end
+      end
+    end
+  end
+end

data/lib/gitlab/qa/component/specs.rb

@@ -20,12 +20,12 @@ module Gitlab
           @docker.run(release.qa_image, release.tag, suite, *args) do |command|
             command << "-t --rm --net=#{network || 'bridge'}"
 
-            Runtime::Env.delegated.each do |env|
-              command.env(env, "$#{env}")
+            variables = Runtime::Env.variables
+            variables.each do |key, value|
+              command.env(key, value)
             end
 
             command.volume('/var/run/docker.sock', '/var/run/docker.sock')
-            command.volume(Runtime::Env.logs_dir, '/var/log/gitlab')
             command.volume(Runtime::Env.screenshots_dir, '/home/qa/tmp')
             command.name("gitlab-specs-#{Time.now.to_i}")
           end

data/lib/gitlab/qa/component/staging.rb

@@ -0,0 +1,63 @@
+require 'net/http'
+require 'json'
+require 'uri'
+
+module Gitlab
+  module QA
+    module Component
+      class Staging
+        ADDRESS = 'https://staging.gitlab.com'.freeze
+
+        def self.release
+          version = Version.new(ADDRESS).fetch!
+
+          Release.new("EE:#{version}")
+        rescue InvalidResponseError => ex
+          warn ex.message
+          warn "#{ex.response.code} #{ex.response.message}: #{ex.response.body}"
+          exit 1
+        end
+
+        class InvalidResponseError < StandardError
+          attr_reader :response
+
+          def initialize(address, response)
+            @response = response
+
+            super "Invalid response received from #{address}"
+          end
+        end
+
+        class Version
+          def initialize(address)
+            @uri = URI.join(address, '/api/v4/version')
+          end
+
+          def fetch!
+            response =
+              Net::HTTP.start(@uri.host, @uri.port, use_ssl: true) do |http|
+                http.request(request)
+              end
+
+            case response
+            when Net::HTTPSuccess
+              JSON.parse(response.body).fetch('version')
+            else
+              raise InvalidResponseError.new(@uri.to_s, response)
+            end
+          end
+
+          private
+
+          def request
+            Runtime::Env.require_qa_access_token!
+
+            @request ||= Net::HTTP::Get.new(@uri.path).tap do |req|
+              req['PRIVATE-TOKEN'] = Runtime::Env.qa_access_token
+            end
+          end
+        end
+      end
+    end
+  end
+end

data/lib/gitlab/qa/docker/command.rb

@@ -12,16 +12,16 @@ module Gitlab
           tap { @args.concat(args) }
         end
 
-        def volume(from, to)
-          tap { @args << "-v #{from}:#{to}" }
+        def volume(from, to, opt = :z)
+          tap { @args.push("--volume #{from}:#{to}:#{opt}") }
         end
 
         def name(identity)
-          tap { @args << "--name #{identity}" }
+          tap { @args.push("--name #{identity}") }
         end
 
         def env(name, value)
-          tap { @args << %(-e #{name}="#{value}") }
+          tap { @args.push(%(--env #{name}="#{value}")) }
         end
 
         def to_s

data/lib/gitlab/qa/docker/shellout.rb

@@ -4,7 +4,7 @@ module Gitlab
   module QA
     module Docker
       class Shellout
-        class StatusError < StandardError; end
+        StatusError = Class.new(StandardError)
 
         def initialize(command)
           @command = command

data/lib/gitlab/qa/docker/volumes.rb

@@ -5,7 +5,6 @@ module Gitlab
     module Docker
       class Volumes
         VOLUMES = { 'config' => '/etc/gitlab',
-                    'logs' => '/var/log/gitlab',
                     'data' => '/var/opt/gitlab' }.freeze
 
         def initialize(volumes = VOLUMES)

data/lib/gitlab/qa/runtime/env.rb

@@ -4,10 +4,25 @@ module Gitlab
       module Env
         extend self
 
-        VARIABLES = %w[GITLAB_USERNAME
-                       GITLAB_PASSWORD
-                       GITLAB_URL
-                       EE_LICENSE].freeze
+        ENV_VARIABLES = {
+          'GITLAB_USERNAME' => :user_username,
+          'GITLAB_PASSWORD' => :user_password,
+          'GITLAB_LDAP_USERNAME' => :ldap_username,
+          'GITLAB_LDAP_PASSWORD' => :ldap_password,
+          'GITLAB_USER_TYPE' => :user_type,
+          'GITLAB_SANDBOX_NAME' => :gitlab_sandbox_name,
+          'GITLAB_QA_ACCESS_TOKEN' => :qa_access_token,
+          'GITLAB_URL' => :gitlab_url,
+          'EE_LICENSE' => :ee_license
+        }.freeze
+
+        ENV_VARIABLES.each_value do |accessor|
+          send(:attr_accessor, accessor) # rubocop:disable GitlabSecurity/PublicSend
+        end
+
+        def qa_access_token
+          ENV['GITLAB_QA_ACCESS_TOKEN']
+        end
 
         def screenshots_dir
           ENV['QA_SCREENSHOTS_DIR'] || '/tmp/gitlab-qa/screenshots'
@@ -17,8 +32,42 @@ module Gitlab
           ENV['QA_LOGS_DIR'] || '/tmp/gitlab-qa/logs'
         end
 
-        def delegated
-          VARIABLES.select { |name| ENV[name] }
+        def variables
+          vars = {}
+
+          ENV_VARIABLES.each do |name, attribute|
+            # Variables that are overriden in the environment take precedence
+            # over the defaults specified by the QA runtime.
+            value = env_value_if_defined(name) || send(attribute) # rubocop:disable GitlabSecurity/PublicSend
+            vars[name] = value if value
+          end
+
+          vars
+        end
+
+        def require_license!
+          return if ENV.include?('EE_LICENSE')
+
+          raise ArgumentError, 'GitLab License is not available. Please load a license into EE_LICENSE env variable.'
+        end
+
+        def require_no_license!
+          return unless ENV.include?('EE_LICENSE')
+
+          raise ArgumentError, "Unexpected EE_LICENSE provided. Please unset it to continue."
+        end
+
+        def require_qa_access_token!
+          return unless ENV['GITLAB_QA_ACCESS_TOKEN'].to_s.strip.empty?
+
+          raise ArgumentError, "Please provide GITLAB_QA_ACCESS_TOKEN"
+        end
+
+        private
+
+        def env_value_if_defined(variable)
+          # Pass through the variables if they are defined in the environment
+          return "$#{variable}" if ENV[variable]
         end
       end
     end

data/lib/gitlab/qa/scenario/test/instance/staging.rb

@@ -0,0 +1,26 @@
+module Gitlab
+  module QA
+    module Scenario
+      module Test
+        module Instance
+          ##
+          # Run test suite against staging.gitlab.com
+          #
+          class Staging < Scenario::Template
+            def perform(*)
+              Runtime::Env.require_no_license!
+
+              release = Component::Staging.release
+
+              Component::Specs.perform do |specs|
+                specs.suite = 'Test::Instance'
+                specs.release = release
+                specs.args = [Component::Staging::ADDRESS]
+              end
+            end
+          end
+        end
+      end
+    end
+  end
+end

data/lib/gitlab/qa/scenario/test/integration/geo.rb

@@ -5,6 +5,7 @@ module Gitlab
         module Integration
           class Geo < Scenario::Template
             ##
+            # rubocop:disable Lint/MissingCopEnableDirective
             # rubocop:disable Metrics/MethodLength
             # rubocop:disable Metrics/AbcSize
             #
@@ -13,6 +14,8 @@ module Gitlab
 
               raise ArgumentError, 'Geo is EE only!' unless release.ee?
 
+              Runtime::Env.require_license!
+
               Component::Gitlab.perform do |primary|
                 primary.release = release
                 primary.name = 'gitlab-primary'
@@ -24,6 +27,8 @@ module Gitlab
                   postgresql['md5_auth_cidr_addresses'] = ['0.0.0.0/0'];
                   postgresql['max_replication_slots'] = 1;
                   gitlab_rails['db_key_base'] = '4dd58204865eb41bca93bd38131d51cc';
+                  sidekiq['concurrency'] = 2;
+                  unicorn['worker_processes'] = 2;
                 OMNIBUS
 
                 primary.instance do
@@ -34,6 +39,8 @@ module Gitlab
                     secondary.omnibus_config = <<~OMNIBUS
                       geo_secondary_role['enable'] = true;
                       gitlab_rails['db_key_base'] = '4dd58204865eb41bca93bd38131d51cc';
+                      sidekiq['concurrency'] = 2;
+                      unicorn['worker_processes'] = 2;
                     OMNIBUS
 
                     secondary.act do

data/lib/gitlab/qa/scenario/test/integration/ldap.rb

@@ -0,0 +1,47 @@
+require 'yaml'
+
+module Gitlab
+  module QA
+    module Scenario
+      module Test
+        module Integration
+          class LDAP < Scenario::Template
+            # rubocop:disable Metrics/AbcSize
+            def perform(release)
+              Component::Gitlab.perform do |gitlab|
+                gitlab.release = release
+                gitlab.name = 'gitlab-ldap'
+                gitlab.network = 'test'
+
+                Component::LDAP.perform do |ldap|
+                  ldap.enable_tls(false)
+                  ldap.network = 'test'
+                  ldap.set_gitlab_credentials
+
+                  gitlab.omnibus_config = <<~OMNIBUS
+                    gitlab_rails['ldap_enabled'] = true;
+                    gitlab_rails['ldap_servers'] = #{ldap.to_config};
+                  OMNIBUS
+
+                  ldap.instance do
+                    gitlab.instance do
+                      puts 'Running LDAP specs!'
+
+                      Component::Specs.perform do |specs|
+                        specs.suite = 'Test::Integration::LDAP'
+                        specs.release = gitlab.release
+                        specs.network = gitlab.network
+                        specs.args = [gitlab.address]
+                      end
+                    end
+                  end
+                end
+              end
+            end
+            # rubocop:enable Metrics/AbcSize
+          end
+        end
+      end
+    end
+  end
+end

data/lib/gitlab/qa/scenario/test/omnibus/image.rb

@@ -4,15 +4,19 @@ module Gitlab
       module Test
         module Omnibus
           class Image < Scenario::Template
-            # rubocop:disable Style/Semicolon
             def perform(release)
               Component::Gitlab.perform do |gitlab|
                 gitlab.release = release
                 gitlab.network = 'bridge'
 
                 gitlab.act do
-                  prepare; start; reconfigure
-                  restart; wait; teardown
+                  prepare
+                  start
+                  reconfigure
+
+                  restart
+                  wait
+                  teardown
                 end
               end
             end

data/lib/gitlab/qa/scenario/test/sanity/version.rb

@@ -15,11 +15,13 @@ module Gitlab
             HOURS_AGO = 24
             COMMITS = 10_000
 
-            # rubocop:disable Style/Semicolon
             def perform(release)
               version = Component::Gitlab.perform do |gitlab|
                 gitlab.release = release
-                gitlab.act { pull; sha_version }
+                gitlab.act do
+                  pull
+                  sha_version
+                end
               end
 
               project = "gitlab-org/#{Release.new(release).project_name}"

data/lib/gitlab/qa/version.rb

@@ -1,5 +1,5 @@
 module Gitlab
   module QA
-    VERSION = '0.5.0'.freeze
+    VERSION = '0.6.0'.freeze
   end
 end

metadata

@@ -1,29 +1,29 @@
 --- !ruby/object:Gem::Specification
 name: gitlab-qa
 version: !ruby/object:Gem::Version
-  version: 0.5.0
+  version: 0.6.0
 platform: ruby
 authors:
 - Grzegorz Bizon
 autorequire: 
 bindir: exe
 cert_chain: []
-date: 2017-12-12 00:00:00.000000000 Z
+date: 2018-06-11 00:00:00.000000000 Z
 dependencies:
 - !ruby/object:Gem::Dependency
-  name: bundler
+  name: gitlab-styles
   requirement: !ruby/object:Gem::Requirement
     requirements:
-    - - "~>"
+    - - '='
       - !ruby/object:Gem::Version
-        version: '1.16'
+        version: 2.2.0
   type: :development
   prerelease: false
   version_requirements: !ruby/object:Gem::Requirement
     requirements:
-    - - "~>"
+    - - '='
       - !ruby/object:Gem::Version
-        version: '1.16'
+        version: 2.2.0
 - !ruby/object:Gem::Dependency
   name: pry
   requirement: !ruby/object:Gem::Requirement
@@ -70,16 +70,30 @@ dependencies:
   name: rubocop
   requirement: !ruby/object:Gem::Requirement
     requirements:
-    - - "~>"
+    - - '='
       - !ruby/object:Gem::Version
-        version: '0.51'
+        version: 0.52.0
   type: :development
   prerelease: false
   version_requirements: !ruby/object:Gem::Requirement
     requirements:
-    - - "~>"
+    - - '='
+      - !ruby/object:Gem::Version
+        version: 0.52.0
+- !ruby/object:Gem::Dependency
+  name: rubocop-rspec
+  requirement: !ruby/object:Gem::Requirement
+    requirements:
+    - - '='
+      - !ruby/object:Gem::Version
+        version: 1.20.1
+  type: :development
+  prerelease: false
+  version_requirements: !ruby/object:Gem::Requirement
+    requirements:
+    - - '='
       - !ruby/object:Gem::Version
-        version: '0.51'
+        version: 1.20.1
 description: 
 email:
 - grzesiek.bizon@gmail.com
@@ -104,12 +118,16 @@ files:
 - bin/setup
 - docs/README.md
 - docs/architecture.md
+- docs/macos.md
 - docs/trainings.md
 - exe/gitlab-qa
+- fixtures/ldap/tanuki.ldif
 - gitlab-qa.gemspec
 - lib/gitlab/qa.rb
 - lib/gitlab/qa/component/gitlab.rb
+- lib/gitlab/qa/component/ldap.rb
 - lib/gitlab/qa/component/specs.rb
+- lib/gitlab/qa/component/staging.rb
 - lib/gitlab/qa/docker/command.rb
 - lib/gitlab/qa/docker/engine.rb
 - lib/gitlab/qa/docker/shellout.rb
@@ -120,7 +138,9 @@ files:
 - lib/gitlab/qa/scenario/template.rb
 - lib/gitlab/qa/scenario/test/instance/any.rb
 - lib/gitlab/qa/scenario/test/instance/image.rb
+- lib/gitlab/qa/scenario/test/instance/staging.rb
 - lib/gitlab/qa/scenario/test/integration/geo.rb
+- lib/gitlab/qa/scenario/test/integration/ldap.rb
 - lib/gitlab/qa/scenario/test/integration/mattermost.rb
 - lib/gitlab/qa/scenario/test/omnibus/image.rb
 - lib/gitlab/qa/scenario/test/omnibus/update.rb
@@ -147,7 +167,7 @@ required_rubygems_version: !ruby/object:Gem::Requirement
       version: '0'
 requirements: []
 rubyforge_project: 
-rubygems_version: 2.5.2
+rubygems_version: 2.7.7
 signing_key: 
 specification_version: 4
 summary: Integration tests for GitLab