Commit 317620c2 authored by Mark Lapierre's avatar Mark Lapierre

Merge branch 'qa-105-shl-sync-admins-in-ldap-group' into 'master'

Update LDAP admin sync test to add and remove a user's admin status

See merge request gitlab-org/gitlab!17260
parents a04def94 9941027f
...@@ -114,6 +114,7 @@ module QA ...@@ -114,6 +114,7 @@ module QA
module Integration module Integration
autoload :Github, 'qa/scenario/test/integration/github' autoload :Github, 'qa/scenario/test/integration/github'
autoload :LDAPNoTLS, 'qa/scenario/test/integration/ldap_no_tls' autoload :LDAPNoTLS, 'qa/scenario/test/integration/ldap_no_tls'
autoload :LDAPNoServer, 'qa/scenario/test/integration/ldap_no_server'
autoload :LDAPTLS, 'qa/scenario/test/integration/ldap_tls' autoload :LDAPTLS, 'qa/scenario/test/integration/ldap_tls'
autoload :InstanceSAML, 'qa/scenario/test/integration/instance_saml' autoload :InstanceSAML, 'qa/scenario/test/integration/instance_saml'
autoload :OAuth, 'qa/scenario/test/integration/oauth' autoload :OAuth, 'qa/scenario/test/integration/oauth'
...@@ -394,6 +395,7 @@ module QA ...@@ -394,6 +395,7 @@ module QA
autoload :KubernetesCluster, 'qa/service/kubernetes_cluster' autoload :KubernetesCluster, 'qa/service/kubernetes_cluster'
autoload :Omnibus, 'qa/service/omnibus' autoload :Omnibus, 'qa/service/omnibus'
autoload :Runner, 'qa/service/runner' autoload :Runner, 'qa/service/runner'
autoload :LDAP, 'qa/service/ldap'
module ClusterProvider module ClusterProvider
autoload :Base, 'qa/service/cluster_provider/base' autoload :Base, 'qa/service/cluster_provider/base'
......
dn: ou=Global Groups,dc=example,dc=org
objectClass: organizationalUnit
ou: Global Groups
dn: ou=People,ou=Global Groups,dc=example,dc=org
objectClass: organizationalUnit
ou: People
# 1. hruser1
dn: uid=hruser1,ou=People,ou=Global Groups,dc=example,dc=org
cn: HR User 1
givenName: HR
sn: User1
uid: hruser1
uidNumber: 5000
gidNumber: 10000
homeDirectory: /home/hruser1
mail: hruser1@example.org
objectClass: top
objectClass: posixAccount
objectClass: shadowAccount
objectClass: inetOrgPerson
objectClass: organizationalPerson
objectClass: person
loginShell: /bin/bash
# hashed value for 'password'
userPassword: {SSHA}ICMhr6Jxt5bk2awD7HL7GxRTM3BZ1pFI
# 2. adminuser1
dn: uid=adminuser1,ou=People,ou=Global Groups,dc=example,dc=org
cn: Admin User 1
givenName: Admin
sn: User1
uid: adminuser1
uidNumber: 5009
gidNumber: 10009
homeDirectory: /home/adminuser1
mail: adminuser1@example.org
objectClass: top
objectClass: posixAccount
objectClass: shadowAccount
objectClass: inetOrgPerson
objectClass: organizationalPerson
objectClass: person
loginShell: /bin/bash
# hashed value for 'password'
userPassword: {SSHA}ICMhr6Jxt5bk2awD7HL7GxRTM3BZ1pFI
# 2. adminuser2
dn: uid=adminuser2,ou=People,ou=Global Groups,dc=example,dc=org
cn: Admin User 2
givenName: Admin
sn: User1
uid: adminuser2
uidNumber: 5010
gidNumber: 10010
homeDirectory: /home/adminuser2
mail: adminuser2@example.org
objectClass: top
objectClass: posixAccount
objectClass: shadowAccount
objectClass: inetOrgPerson
objectClass: organizationalPerson
objectClass: person
loginShell: /bin/bash
# hashed value for 'password'
userPassword: {SSHA}ICMhr6Jxt5bk2awD7HL7GxRTM3BZ1pFI
# 1. Human Resources
dn: cn=Human Resources,ou=Global Groups,dc=example,dc=org
objectClass: groupofnames
cn: Human Resources
description: Human Resources
member: uid=hruser1,ou=People,ou=Global Groups,dc=example,dc=org
# 2. Admin
dn: cn=AdminGroup,ou=Global Groups,dc=example,dc=org
objectClass: groupofnames
cn: AdminGroup
description: Human Resources
member: uid=adminuser1,ou=People,ou=Global Groups,dc=example,dc=org
member: uid=adminuser2,ou=People,ou=Global Groups,dc=example,dc=org
dn: ou=Global Groups,dc=example,dc=org
objectClass: organizationalUnit
ou: Global Groups
dn: ou=People,ou=Global Groups,dc=example,dc=org
objectClass: organizationalUnit
ou: People
# 1. Human Resources
dn: uid=hruser1,ou=People,ou=Global Groups,dc=example,dc=org
cn: HR User 1
givenName: HR
sn: User1
uid: hruser1
uidNumber: 5000
gidNumber: 10000
homeDirectory: /home/hruser1
mail: hruser1@example.org
objectClass: top
objectClass: posixAccount
objectClass: shadowAccount
objectClass: inetOrgPerson
objectClass: organizationalPerson
objectClass: person
loginShell: /bin/bash
# hashed value for 'password'
userPassword: {SSHA}ICMhr6Jxt5bk2awD7HL7GxRTM3BZ1pFI
# 2. Admin
dn: uid=adminuser1,ou=People,ou=Global Groups,dc=example,dc=org
cn: Admin User 1
givenName: Admin
sn: User1
uid: adminuser1
uidNumber: 5009
gidNumber: 10009
homeDirectory: /home/adminuser1
mail: adminuser1@example.org
objectClass: top
objectClass: posixAccount
objectClass: shadowAccount
objectClass: inetOrgPerson
objectClass: organizationalPerson
objectClass: person
loginShell: /bin/bash
# hashed value for 'password'
userPassword: {SSHA}ICMhr6Jxt5bk2awD7HL7GxRTM3BZ1pFI
dn: uid=adminuser2,ou=People,ou=Global Groups,dc=example,dc=org
cn: Admin User 2
givenName: Admin
sn: User1
uid: adminuser2
uidNumber: 5010
gidNumber: 10010
homeDirectory: /home/adminuser2
mail: adminuser2@example.org
objectClass: top
objectClass: posixAccount
objectClass: shadowAccount
objectClass: inetOrgPerson
objectClass: organizationalPerson
objectClass: person
loginShell: /bin/bash
# hashed value for 'password'
userPassword: {SSHA}ICMhr6Jxt5bk2awD7HL7GxRTM3BZ1pFI
# 1. Human Resources
dn: cn=Human Resources,ou=Global Groups,dc=example,dc=org
objectClass: groupofnames
cn: Human Resources
description: Human Resources
member: uid=hruser1,ou=People,ou=Global Groups,dc=example,dc=org
member: uid=adminuser1,ou=People,ou=Global Groups,dc=example,dc=org
# 2. Admin
dn: cn=AdminGroup,ou=Global Groups,dc=example,dc=org
objectClass: groupofnames
cn: AdminGroup
description: Human Resources
member: uid=adminuser2,ou=People,ou=Global Groups,dc=example,dc=org
...@@ -87,7 +87,7 @@ module QA ...@@ -87,7 +87,7 @@ module QA
click_element :sign_in_button click_element :sign_in_button
end end
Page::Main::Menu.perform(&:has_personal_area?) Page::Main::Menu.perform(&:signed_in?)
end end
def self.path def self.path
......
...@@ -96,6 +96,10 @@ module QA ...@@ -96,6 +96,10 @@ module QA
has_element?(:admin_area_link, wait: wait) has_element?(:admin_area_link, wait: wait)
end end
def has_no_admin_area_link?(wait: Capybara.default_max_wait_time)
has_no_element?(:admin_area_link, wait: wait)
end
def click_stop_impersonation_link def click_stop_impersonation_link
click_element(:stop_impersonation_link) click_element(:stop_impersonation_link)
end end
......
# frozen_string_literal: true
module QA
module Scenario
module Test
module Integration
class LDAPNoServer < Test::Instance::All
tags :ldap_no_server
end
end
end
end
end
# frozen_string_literal: true
module QA
module Service
class LDAP
include Service::Shellout
def initialize(volume)
@image = 'osixia/openldap:latest'
@name = 'ldap-server'
@network = Runtime::Scenario.attributes[:network] || 'test'
@volume = volume
end
def network
shell "docker network inspect #{@network}"
rescue CommandError
'bridge'
else
@network
end
def pull
shell "docker pull #{@image}"
end
def host_name
"#{@name}.#{network}"
end
def register!
shell <<~CMD.tr("\n", ' ')
docker run -d --rm
--network #{network}
--hostname #{host_name}
--name #{@name}
-p 389:389
--volume #{volume_or_fixture(@volume)}:/container/service/slapd/assets/config/bootstrap/ldif/custom
#{@image} --copy-service
CMD
end
def remove!
shell "docker rm -f #{@name}" if running?
end
def running?
`docker ps -f name=#{@name}`.include?(@name)
end
def volume_or_fixture(volume_name)
if volume_exists?(volume_name)
volume_name
else
File.expand_path("../fixtures/ldap/#{volume_name}", __dir__)
end
end
def volume_exists?(volume_name)
`docker volume ls -q -f name=#{volume_name}`.include?(volume_name)
end
end
end
end
# frozen_string_literal: true # frozen_string_literal: true
module QA module QA
context 'Manage', :orchestrated, :ldap_no_tls, :ldap_tls do context 'Manage', :orchestrated, :ldap_no_server do
describe 'LDAP admin sync' do describe 'LDAP admin sync' do
it 'Syncs admin users' do before do
Runtime::Browser.visit(:gitlab, Page::Main::Login) run_ldap_service_with_user_as('admin')
Page::Main::Login.perform do |login_page| Runtime::Browser.visit(:gitlab, Page::Main::Login)
user = Struct.new(:ldap_username, :ldap_password).new('adminuser1', 'password')
login_page.sign_in_using_ldap_credentials(user: user) login_with_ldap_admin_user
end end
it 'sets and removes user\'s admin status' do
Page::Main::Menu.perform do |menu| Page::Main::Menu.perform do |menu|
expect(menu).to have_personal_area
# The ldap_sync_worker_cron job is set to run every minute
admin_synchronised = menu.wait(max: 80, interval: 1, reload: true) do admin_synchronised = menu.wait(max: 80, interval: 1, reload: true) do
menu.has_admin_area_link? menu.has_admin_area_link?
end end
expect(admin_synchronised).to be_truthy expect(admin_synchronised).to be_truthy
end end
remove_ldap_service_with_user_as('admin')
run_ldap_service_with_user_as('non_admin')
login_with_ldap_admin_user
Page::Main::Menu.perform do |menu|
admin_removed = menu.wait(max: 80, interval: 1, reload: true) do
menu.has_no_admin_area_link?
end
expect(admin_removed).to be_truthy
end
end
after do
remove_ldap_service_with_user_as('non_admin')
end
def run_ldap_service_with_user_as(user_status)
Service::LDAP.new(user_status).tap do |runner|
runner.pull
runner.register!
end
end
def remove_ldap_service_with_user_as(user_status)
Service::LDAP.new(user_status).remove!
end
def login_with_ldap_admin_user
Page::Main::Login.perform do |login_page|
user = Struct.new(:ldap_username, :ldap_password).new('adminuser1', 'password')
QA::Support::Retrier.retry_until(exit_on_failure: true, sleep_interval: 3, max_attempts: 5) do
login_page.sign_in_using_ldap_credentials(user)
end
end
end end
end end
end end
......
...@@ -8,6 +8,14 @@ describe QA::Scenario::Test::Integration::LDAPNoTLS do ...@@ -8,6 +8,14 @@ describe QA::Scenario::Test::Integration::LDAPNoTLS do
end end
end end
describe QA::Scenario::Test::Integration::LDAPNoServer do
context '#perform' do
it_behaves_like 'a QA scenario class' do
let(:tags) { [:ldap_no_server] }
end
end
end
describe QA::Scenario::Test::Integration::LDAPTLS do describe QA::Scenario::Test::Integration::LDAPTLS do
context '#perform' do context '#perform' do
it_behaves_like 'a QA scenario class' do it_behaves_like 'a QA scenario class' do
......
Markdown is supported
0%
or
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment