Merge branch 'qa-105-shl-sync-admins-in-ldap-group' into 'master'

Update LDAP admin sync test to add and remove a user's admin status See merge request gitlab-org/gitlab!17260

Merge branch 'qa-105-shl-sync-admins-in-ldap-group' into 'master'
Update LDAP admin sync test to add and remove a user's admin status See merge request gitlab-org/gitlab!17260
317620c2 · Mark Lapierre · a04def94 · 9941027f · 317620c2 · 317620c2
Commit 317620c2 authored Sep 25, 2019 by Mark Lapierre
13 changed files
--- a/qa/qa.rb
+++ b/qa/qa.rb
@@ -114,6 +114,7 @@ module QA
      module Integration
        autoload :Github, 'qa/scenario/test/integration/github'
        autoload :LDAPNoTLS, 'qa/scenario/test/integration/ldap_no_tls'
+        autoload :LDAPNoServer, 'qa/scenario/test/integration/ldap_no_server'
        autoload :LDAPTLS, 'qa/scenario/test/integration/ldap_tls'
        autoload :InstanceSAML, 'qa/scenario/test/integration/instance_saml'
        autoload :OAuth, 'qa/scenario/test/integration/oauth'
@@ -394,6 +395,7 @@ module QA
    autoload :KubernetesCluster, 'qa/service/kubernetes_cluster'
    autoload :Omnibus, 'qa/service/omnibus'
    autoload :Runner, 'qa/service/runner'
+    autoload :LDAP, 'qa/service/ldap'

    module ClusterProvider
      autoload :Base, 'qa/service/cluster_provider/base'

--- a/qa/qa/fixtures/ldap/admin/1_add_nodes.ldif
+++ b/qa/qa/fixtures/ldap/admin/1_add_nodes.ldif
+dn: ou=Global Groups,dc=example,dc=org
+objectClass: organizationalUnit
+ou: Global Groups
+
+dn: ou=People,ou=Global Groups,dc=example,dc=org
+objectClass: organizationalUnit
+ou: People
--- a/qa/qa/fixtures/ldap/admin/2_add_users.ldif
+++ b/qa/qa/fixtures/ldap/admin/2_add_users.ldif
+
+# 1. hruser1
+
+dn: uid=hruser1,ou=People,ou=Global Groups,dc=example,dc=org
+cn: HR User 1
+givenName: HR
+sn: User1
+uid: hruser1
+uidNumber: 5000
+gidNumber: 10000
+homeDirectory: /home/hruser1
+mail: hruser1@example.org
+objectClass: top
+objectClass: posixAccount
+objectClass: shadowAccount
+objectClass: inetOrgPerson
+objectClass: organizationalPerson
+objectClass: person
+loginShell: /bin/bash
+# hashed value for 'password'
+userPassword: {SSHA}ICMhr6Jxt5bk2awD7HL7GxRTM3BZ1pFI
+
+# 2. adminuser1
+
+dn: uid=adminuser1,ou=People,ou=Global Groups,dc=example,dc=org
+cn: Admin User 1
+givenName: Admin
+sn: User1
+uid: adminuser1
+uidNumber: 5009
+gidNumber: 10009
+homeDirectory: /home/adminuser1
+mail: adminuser1@example.org
+objectClass: top
+objectClass: posixAccount
+objectClass: shadowAccount
+objectClass: inetOrgPerson
+objectClass: organizationalPerson
+objectClass: person
+loginShell: /bin/bash
+# hashed value for 'password'
+userPassword: {SSHA}ICMhr6Jxt5bk2awD7HL7GxRTM3BZ1pFI
+
+# 2. adminuser2
+
+dn: uid=adminuser2,ou=People,ou=Global Groups,dc=example,dc=org
+cn: Admin User 2
+givenName: Admin
+sn: User1
+uid: adminuser2
+uidNumber: 5010
+gidNumber: 10010
+homeDirectory: /home/adminuser2
+mail: adminuser2@example.org
+objectClass: top
+objectClass: posixAccount
+objectClass: shadowAccount
+objectClass: inetOrgPerson
+objectClass: organizationalPerson
+objectClass: person
+loginShell: /bin/bash
+# hashed value for 'password'
+userPassword: {SSHA}ICMhr6Jxt5bk2awD7HL7GxRTM3BZ1pFI
--- a/qa/qa/fixtures/ldap/admin/3_add_groups.ldif
+++ b/qa/qa/fixtures/ldap/admin/3_add_groups.ldif
+# 1. Human Resources
+
+dn: cn=Human Resources,ou=Global Groups,dc=example,dc=org
+objectClass: groupofnames
+cn: Human Resources
+description: Human Resources
+member: uid=hruser1,ou=People,ou=Global Groups,dc=example,dc=org
+
+# 2. Admin
+
+dn: cn=AdminGroup,ou=Global Groups,dc=example,dc=org
+objectClass: groupofnames
+cn: AdminGroup
+description: Human Resources
+member: uid=adminuser1,ou=People,ou=Global Groups,dc=example,dc=org
+member: uid=adminuser2,ou=People,ou=Global Groups,dc=example,dc=org
--- a/qa/qa/fixtures/ldap/non_admin/1_add_nodes.ldif
+++ b/qa/qa/fixtures/ldap/non_admin/1_add_nodes.ldif
+dn: ou=Global Groups,dc=example,dc=org
+objectClass: organizationalUnit
+ou: Global Groups
+
+dn: ou=People,ou=Global Groups,dc=example,dc=org
+objectClass: organizationalUnit
+ou: People
--- a/qa/qa/fixtures/ldap/non_admin/2_add_users.ldif
+++ b/qa/qa/fixtures/ldap/non_admin/2_add_users.ldif
+
+# 1. Human Resources
+
+dn: uid=hruser1,ou=People,ou=Global Groups,dc=example,dc=org
+cn: HR User 1
+givenName: HR
+sn: User1
+uid: hruser1
+uidNumber: 5000
+gidNumber: 10000
+homeDirectory: /home/hruser1
+mail: hruser1@example.org
+objectClass: top
+objectClass: posixAccount
+objectClass: shadowAccount
+objectClass: inetOrgPerson
+objectClass: organizationalPerson
+objectClass: person
+loginShell: /bin/bash
+# hashed value for 'password'
+userPassword: {SSHA}ICMhr6Jxt5bk2awD7HL7GxRTM3BZ1pFI
+
+# 2. Admin
+
+dn: uid=adminuser1,ou=People,ou=Global Groups,dc=example,dc=org
+cn: Admin User 1
+givenName: Admin
+sn: User1
+uid: adminuser1
+uidNumber: 5009
+gidNumber: 10009
+homeDirectory: /home/adminuser1
+mail: adminuser1@example.org
+objectClass: top
+objectClass: posixAccount
+objectClass: shadowAccount
+objectClass: inetOrgPerson
+objectClass: organizationalPerson
+objectClass: person
+loginShell: /bin/bash
+# hashed value for 'password'
+userPassword: {SSHA}ICMhr6Jxt5bk2awD7HL7GxRTM3BZ1pFI
+
+dn: uid=adminuser2,ou=People,ou=Global Groups,dc=example,dc=org
+cn: Admin User 2
+givenName: Admin
+sn: User1
+uid: adminuser2
+uidNumber: 5010
+gidNumber: 10010
+homeDirectory: /home/adminuser2
+mail: adminuser2@example.org
+objectClass: top
+objectClass: posixAccount
+objectClass: shadowAccount
+objectClass: inetOrgPerson
+objectClass: organizationalPerson
+objectClass: person
+loginShell: /bin/bash
+# hashed value for 'password'
+userPassword: {SSHA}ICMhr6Jxt5bk2awD7HL7GxRTM3BZ1pFI
--- a/qa/qa/fixtures/ldap/non_admin/3_add_groups.ldif
+++ b/qa/qa/fixtures/ldap/non_admin/3_add_groups.ldif
+# 1. Human Resources
+
+dn: cn=Human Resources,ou=Global Groups,dc=example,dc=org
+objectClass: groupofnames
+cn: Human Resources
+description: Human Resources
+member: uid=hruser1,ou=People,ou=Global Groups,dc=example,dc=org
+member: uid=adminuser1,ou=People,ou=Global Groups,dc=example,dc=org
+
+# 2. Admin
+
+dn: cn=AdminGroup,ou=Global Groups,dc=example,dc=org
+objectClass: groupofnames
+cn: AdminGroup
+description: Human Resources
+member: uid=adminuser2,ou=People,ou=Global Groups,dc=example,dc=org
--- a/qa/qa/page/main/login.rb
+++ b/qa/qa/page/main/login.rb
@@ -87,7 +87,7 @@ module QA
            click_element :sign_in_button
          end

-          Page::Main::Menu.perform(&:has_personal_area?)
+          Page::Main::Menu.perform(&:signed_in?)
        end

        def self.path

--- a/qa/qa/page/main/menu.rb
+++ b/qa/qa/page/main/menu.rb
@@ -96,6 +96,10 @@ module QA
          has_element?(:admin_area_link, wait: wait)
        end

+        def has_no_admin_area_link?(wait: Capybara.default_max_wait_time)
+          has_no_element?(:admin_area_link, wait: wait)
+        end
+
        def click_stop_impersonation_link
          click_element(:stop_impersonation_link)
        end

--- a/qa/qa/scenario/test/integration/ldap_no_server.rb
+++ b/qa/qa/scenario/test/integration/ldap_no_server.rb
+# frozen_string_literal: true
+
+module QA
+  module Scenario
+    module Test
+      module Integration
+        class LDAPNoServer < Test::Instance::All
+          tags :ldap_no_server
+        end
+      end
+    end
+  end
+end
--- a/qa/qa/service/ldap.rb
+++ b/qa/qa/service/ldap.rb
+# frozen_string_literal: true
+
+module QA
+  module Service
+    class LDAP
+      include Service::Shellout
+
+      def initialize(volume)
+        @image = 'osixia/openldap:latest'
+        @name = 'ldap-server'
+        @network = Runtime::Scenario.attributes[:network] || 'test'
+        @volume = volume
+      end
+
+      def network
+        shell "docker network inspect #{@network}"
+      rescue CommandError
+        'bridge'
+      else
+        @network
+      end
+
+      def pull
+        shell "docker pull #{@image}"
+      end
+
+      def host_name
+        "#{@name}.#{network}"
+      end
+
+      def register!
+        shell <<~CMD.tr("\n", ' ')
+          docker run -d --rm
+          --network #{network}
+          --hostname #{host_name}
+          --name #{@name}
+          -p 389:389
+          --volume #{volume_or_fixture(@volume)}:/container/service/slapd/assets/config/bootstrap/ldif/custom
+          #{@image} --copy-service
+        CMD
+      end
+
+      def remove!
+        shell "docker rm -f #{@name}" if running?
+      end
+
+      def running?
+        `docker ps -f name=#{@name}`.include?(@name)
+      end
+
+      def volume_or_fixture(volume_name)
+        if volume_exists?(volume_name)
+          volume_name
+        else
+          File.expand_path("../fixtures/ldap/#{volume_name}", __dir__)
+        end
+      end
+
+      def volume_exists?(volume_name)
+        `docker volume ls -q -f name=#{volume_name}`.include?(volume_name)
+      end
+    end
+  end
+end
--- a/qa/qa/specs/features/ee/browser_ui/1_manage/ldap/admin_ldap_sync_spec.rb
+++ b/qa/qa/specs/features/ee/browser_ui/1_manage/ldap/admin_ldap_sync_spec.rb
 # frozen_string_literal: true
-
 module QA
-  context 'Manage', :orchestrated, :ldap_no_tls, :ldap_tls do
+  context 'Manage', :orchestrated, :ldap_no_server do
    describe 'LDAP admin sync' do
-      it 'Syncs admin users' do
-        Runtime::Browser.visit(:gitlab, Page::Main::Login)
+      before do
+        run_ldap_service_with_user_as('admin')

-        Page::Main::Login.perform do |login_page|
-          user = Struct.new(:ldap_username, :ldap_password).new('adminuser1', 'password')
+        Runtime::Browser.visit(:gitlab, Page::Main::Login)

-          login_page.sign_in_using_ldap_credentials(user: user)
-        end
+        login_with_ldap_admin_user
+      end

+      it 'sets and removes user\'s admin status' do
        Page::Main::Menu.perform do |menu|
-          expect(menu).to have_personal_area
-
-          # The ldap_sync_worker_cron job is set to run every minute
          admin_synchronised = menu.wait(max: 80, interval: 1, reload: true) do
            menu.has_admin_area_link?
          end

          expect(admin_synchronised).to be_truthy
        end
+
+        remove_ldap_service_with_user_as('admin')
+
+        run_ldap_service_with_user_as('non_admin')
+
+        login_with_ldap_admin_user
+
+        Page::Main::Menu.perform do |menu|
+          admin_removed = menu.wait(max: 80, interval: 1, reload: true) do
+            menu.has_no_admin_area_link?
+          end
+
+          expect(admin_removed).to be_truthy
+        end
+      end
+
+      after do
+        remove_ldap_service_with_user_as('non_admin')
+      end
+
+      def run_ldap_service_with_user_as(user_status)
+        Service::LDAP.new(user_status).tap do |runner|
+          runner.pull
+          runner.register!
+        end
+      end
+
+      def remove_ldap_service_with_user_as(user_status)
+        Service::LDAP.new(user_status).remove!
+      end
+
+      def login_with_ldap_admin_user
+        Page::Main::Login.perform do |login_page|
+          user = Struct.new(:ldap_username, :ldap_password).new('adminuser1', 'password')
+
+          QA::Support::Retrier.retry_until(exit_on_failure: true, sleep_interval: 3, max_attempts: 5) do
+            login_page.sign_in_using_ldap_credentials(user)
+          end
+        end
      end
    end
  end

--- a/qa/spec/scenario/test/integration/ldap_spec.rb
+++ b/qa/spec/scenario/test/integration/ldap_spec.rb
@@ -8,6 +8,14 @@ describe QA::Scenario::Test::Integration::LDAPNoTLS do
  end
 end

+describe QA::Scenario::Test::Integration::LDAPNoServer do
+  context '#perform' do
+    it_behaves_like 'a QA scenario class' do
+      let(:tags) { [:ldap_no_server] }
+    end
+  end
+end
+
 describe QA::Scenario::Test::Integration::LDAPTLS do
  context '#perform' do
    it_behaves_like 'a QA scenario class' do