Merge branch 'qa-shl-fix-ip-address-whitelisting-e2e-spec' into 'master'

Use public IP address of runner on CI against static environments

Closes #34351

See merge request gitlab-org/gitlab!21027

qa/.gitignore

 tmp/
 .ruby-version
+.ruby-gemset
 urls.yml

qa/qa.rb

@@ -35,6 +35,7 @@ module QA
     autoload :Logger, 'qa/runtime/logger'
     autoload :GPG, 'qa/runtime/gpg'
     autoload :MailHog, 'qa/runtime/mail_hog'
+    autoload :IPAddress, 'qa/runtime/ip_address'
 
     module API
       autoload :Client, 'qa/runtime/api/client'

qa/qa/resource/api_fabricator.rb

@@ -100,7 +100,7 @@ module QA
         url = Runtime::API::Request.new(api_client, api_delete_path).url
         response = delete(url)
 
-        unless response.code == HTTP_STATUS_NO_CONTENT
+        unless [HTTP_STATUS_NO_CONTENT, HTTP_STATUS_ACCEPTED].include? response.code
           raise ResourceNotDeletedError, "Resource at #{url} could not be deleted (#{response.code}): `#{response}`."
         end
 

qa/qa/resource/group.rb

@@ -70,6 +70,10 @@ module QA
         }
       end
 
+      def api_delete_path
+        "/groups/#{id}"
+      end
+
       def full_path
         sandbox.path + ' / ' + path
       end

qa/qa/runtime/ip_address.rb

+# frozen_string_literal: true
+require 'socket'
+
+module QA
+  module Runtime
+    module IPAddress
+      include Support::Api
+      HostUnreachableError = Class.new(StandardError)
+
+      LOOPBACK_ADDRESS = '127.0.0.1'
+      PUBLIC_IP_ADDRESS_API = "https://api.ipify.org"
+
+      def fetch_current_ip_address
+        # When running on CI against a live environment such as staging.gitlab.com,
+        # we use the public facing IP address
+        ip_address = if Env.running_in_ci? && !URI.parse(Scenario.gitlab_address).host.include?('test')
+                       response = get(PUBLIC_IP_ADDRESS_API)
+                       raise HostUnreachableError, "#{PUBLIC_IP_ADDRESS_API} is unreachable" unless response.code == Support::Api::HTTP_STATUS_OK
+
+                       response.body
+                     elsif page.current_host.include?('localhost')
+                       LOOPBACK_ADDRESS
+                     else
+                       Socket.ip_address_list.detect { |intf| intf.ipv4_private? }.ip_address
+                     end
+
+        QA::Runtime::Logger.info "Current IP address: #{ip_address}"
+
+        ip_address
+      end
+    end
+  end
+end

qa/qa/specs/features/ee/browser_ui/1_manage/group/restrict_by_ip_address_spec.rb

 # frozen_string_literal: true
 require 'securerandom'
-require 'socket'
 
 module QA
-  # https://gitlab.com/gitlab-org/gitlab/issues/34351
-  context 'Manage', :quarantine do
-    describe 'Group access' do
-      LOOPBACK_ADDRESS = '127.0.0.1'
+  context 'Manage' do
+    describe 'Group access', :requires_admin do
+      include Runtime::IPAddress
 
       before(:all) do
         @sandbox_group = Resource::Sandbox.fabricate! do |sandbox_group|
@@ -21,31 +19,23 @@ module QA
         end
       end
 
-      before do
-        Page::Main::Menu.perform do |menu|
-          menu.sign_out if menu.has_personal_area?(wait: 0)
-        end
-
-        Flow::Login.sign_in
+      after(:all) do
+        @group.remove_via_api!
       end
 
       context 'when restricted by another ip address' do
         it 'denies access' do
+          Flow::Login.while_signed_in_as_admin do
             @group.sandbox.visit!
 
             Page::Group::Menu.perform(&:click_group_general_settings_item)
 
             Page::Group::Settings::General.perform do |settings|
-            settings.set_ip_address_restriction(get_next_ip_address)
+              settings.set_ip_address_restriction(get_next_ip_address(fetch_current_ip_address))
             end
-
-          Page::Main::Menu.perform do |menu|
-            menu.sign_out if menu.has_personal_area?(wait: 0)
           end
 
-          Page::Main::Login.perform do |menu|
-            menu.sign_in_using_credentials(user: @user)
-          end
+          Flow::Login.sign_in(as: @user)
 
           @group.sandbox.visit!
           expect(page).to have_text('Page Not Found')
@@ -59,21 +49,17 @@ module QA
 
       context 'when restricted by user\'s ip address' do
         it 'allows access' do
+          Flow::Login.while_signed_in_as_admin do
             @group.sandbox.visit!
 
             Page::Group::Menu.perform(&:click_group_general_settings_item)
 
             Page::Group::Settings::General.perform do |settings|
-            settings.set_ip_address_restriction(get_current_ip_address)
+              settings.set_ip_address_restriction(fetch_current_ip_address)
             end
-
-          Page::Main::Menu.perform do |menu|
-            menu.sign_out if menu.has_personal_area?(wait: 0)
           end
 
-          Page::Main::Login.perform do |menu|
-            menu.sign_in_using_credentials(user: @user)
-          end
+          Flow::Login.sign_in(as: @user)
 
           @group.sandbox.visit!
           expect(page).to have_text(@group.sandbox.path)
@@ -83,22 +69,12 @@ module QA
         end
       end
 
-      def get_current_ip_address
-        return LOOPBACK_ADDRESS if page.current_host.include?('localhost')
-
-        Socket.ip_address_list.detect { |intf| intf.ipv4_private? }.ip_address
-      end
-
-      def get_next_ip_address
-        current_ip = get_current_ip_address
-
-        QA::Runtime::Logger.info "User's ip address: #{current_ip}"
-
-        current_last_part = current_ip.split(".").pop.to_i
+      def get_next_ip_address(current_ip_address)
+        current_last_part = current_ip_address.split(".").pop.to_i
 
         updated_last_part = current_last_part < 255 ? current_last_part + 1 : 1
 
-        current_ip.split(".")[0...-1].push(updated_last_part).join(".")
+        current_ip_address.split(".")[0...-1].push(updated_last_part).join(".")
       end
     end
   end

qa/qa/support/api.rb

@@ -6,6 +6,7 @@ module QA
       HTTP_STATUS_OK = 200
       HTTP_STATUS_CREATED = 201
       HTTP_STATUS_NO_CONTENT = 204
+      HTTP_STATUS_ACCEPTED = 202
 
       def post(url, payload)
         RestClient::Request.execute(