Add latest changes from gitlab-org/gitlab@master

7 files changed, 178 insertions, 0 deletions

diff --git a/qa/qa.rb b/qa/qa.rb
index 685cab36b05..29205c63251 100644
--- a/qa/qa.rb
+++ b/qa/qa.rb
@@ -16,6 +16,8 @@ module QA
   module Flow
     autoload :Login, 'qa/flow/login'
     autoload :Project, 'qa/flow/project'
+    autoload :Saml, 'qa/flow/saml'
+    autoload :User, 'qa/flow/user'
   end
 
   ##
@@ -431,6 +433,7 @@ module QA
       autoload :NodeJs, 'qa/service/docker_run/node_js'
       autoload :GitlabRunner, 'qa/service/docker_run/gitlab_runner'
       autoload :MailHog, 'qa/service/docker_run/mail_hog'
+      autoload :SamlIdp, 'qa/service/docker_run/saml_idp'
     end
   end
 
diff --git a/qa/qa/flow/saml.rb b/qa/qa/flow/saml.rb
new file mode 100644
index 00000000000..0b9f9f94fbd
--- /dev/null
+++ b/qa/qa/flow/saml.rb
@@ -0,0 +1,70 @@
+# frozen_string_literal: true
+
+module QA
+  module Flow
+    module Saml
+      module_function
+
+      def page
+        Capybara.current_session
+      end
+
+      def logout_from_idp(saml_idp_service)
+        Runtime::Logger.debug("Logging out of IDP by visiting \"#{saml_idp_service.idp_sign_out_url}\"")
+
+        Support::Waiter.wait_until(sleep_interval: 1, reload_page: page) do
+          page.visit saml_idp_service.idp_sign_out_url
+          page.has_content?("You have been logged out.")
+        end
+      end
+
+      def enable_saml_sso(group, saml_idp_service)
+        page.visit Runtime::Scenario.gitlab_address
+
+        Page::Main::Login.perform(&:sign_in_using_credentials) unless Page::Main::Menu.perform(&:signed_in?)
+
+        visit_saml_sso_settings(group)
+
+        Support::Retrier.retry_on_exception do
+          EE::Page::Group::Settings::SamlSSO.perform do |saml_sso|
+            saml_sso.set_id_provider_sso_url(saml_idp_service.idp_sso_url)
+            saml_sso.set_cert_fingerprint(saml_idp_service.idp_certificate_fingerprint)
+            saml_sso.click_save_changes
+
+            saml_sso.user_login_url_link_text
+          end
+        end
+      end
+
+      def visit_saml_sso_settings(group, direct: false)
+        if direct
+          page.visit "#{group.web_url}/-/saml"
+        else
+          group.visit!
+
+          Page::Group::Menu.perform(&:go_to_saml_sso_group_settings)
+        end
+        # The toggle buttons take a moment to switch to the correct status.
+        # I am not sure of a better, less complex way to wait for them to reflect their actual status.
+        sleep 2
+      end
+
+      def run_saml_idp_service(group_name)
+        service = Service::DockerRun::SamlIdp.new(Runtime::Scenario.gitlab_address, group_name).tap do |runner|
+          runner.pull
+          runner.register!
+        end
+
+        service
+      end
+
+      def remove_saml_idp_service(saml_idp_service)
+        saml_idp_service.remove!
+      end
+
+      def login_to_idp_if_required(username, password)
+        Vendor::SAMLIdp::Page::Login.perform { |login_page| login_page.login_if_required(username, password) }
+      end
+    end
+  end
+end
diff --git a/qa/qa/flow/user.rb b/qa/qa/flow/user.rb
new file mode 100644
index 00000000000..acc77cb9830
--- /dev/null
+++ b/qa/qa/flow/user.rb
@@ -0,0 +1,26 @@
+# frozen_string_literal: true
+
+module QA
+  module Flow
+    module User
+      module_function
+
+      def page
+        Capybara.current_session
+      end
+
+      def confirm_user(username)
+        Flow::Login.while_signed_in_as_admin do
+          Page::Main::Menu.perform(&:go_to_admin_area)
+          Page::Admin::Menu.perform(&:go_to_users_overview)
+          Page::Admin::Overview::Users::Index.perform do |index|
+            index.search_user(username)
+            index.click_user(username)
+          end
+
+          Page::Admin::Overview::Users::Show.perform(&:confirm_user)
+        end
+      end
+    end
+  end
+end
diff --git a/qa/qa/resource/members.rb b/qa/qa/resource/members.rb
index c738a91a77f..38a620a5427 100644
--- a/qa/qa/resource/members.rb
+++ b/qa/qa/resource/members.rb
@@ -11,6 +11,10 @@ module QA
         post Runtime::API::Request.new(api_client, api_members_path).url, { user_id: user.id, access_level: access_level }
       end
 
+      def remove_member(user)
+        delete Runtime::API::Request.new(api_client, "#{api_members_path}/#{user.id}").url
+      end
+
       def list_members
         JSON.parse(get(Runtime::API::Request.new(api_client, api_members_path).url).body)
       end
diff --git a/qa/qa/resource/sandbox.rb b/qa/qa/resource/sandbox.rb
index 54c13071cef..7b427af6b74 100644
--- a/qa/qa/resource/sandbox.rb
+++ b/qa/qa/resource/sandbox.rb
@@ -63,6 +63,10 @@ module QA
         '/groups'
       end
 
+      def api_delete_path
+        "/groups/#{id}"
+      end
+
       def api_post_body
         {
           path: path,
diff --git a/qa/qa/runtime/feature.rb b/qa/qa/runtime/feature.rb
index 25fc02a887e..9cb2c925b19 100644
--- a/qa/qa/runtime/feature.rb
+++ b/qa/qa/runtime/feature.rb
@@ -38,6 +38,8 @@ module QA
           end
 
           raise SetFeatureError, "#{key} was not enabled!" unless is_enabled
+
+          QA::Runtime::Logger.info("Successfully enabled and verified feature flag: #{key}")
         end
       end
 
diff --git a/qa/qa/service/docker_run/saml_idp.rb b/qa/qa/service/docker_run/saml_idp.rb
new file mode 100644
index 00000000000..a0638bbcc2e
--- /dev/null
+++ b/qa/qa/service/docker_run/saml_idp.rb
@@ -0,0 +1,69 @@
+# frozen_string_literal: true
+
+module QA
+  module Service
+    module DockerRun
+      class SamlIdp < Base
+        def initialize(gitlab_host, group)
+          @image = 'jamedjo/test-saml-idp'
+          @name = 'saml-idp-server'
+          @gitlab_host = gitlab_host
+          @group = group
+          super()
+        end
+
+        def idp_base_url
+          "https://#{host_name}:8443/simplesaml"
+        end
+
+        def idp_sso_url
+          "#{idp_base_url}/saml2/idp/SSOService.php"
+        end
+
+        def idp_sign_out_url
+          "#{idp_base_url}/module.php/core/authenticate.php?as=example-userpass&logout"
+        end
+
+        def idp_signed_out_url
+          "#{idp_base_url}/logout.php"
+        end
+
+        def idp_metadata_url
+          "#{idp_base_url}/saml2/idp/metadata.php"
+        end
+
+        def idp_issuer
+          idp_metadata_url
+        end
+
+        def idp_certificate_fingerprint
+          QA::Runtime::Env.simple_saml_fingerprint || '119b9e027959cdb7c662cfd075d9e2ef384e445f'
+        end
+
+        def host_name
+          return 'localhost' unless QA::Runtime::Env.running_in_ci?
+
+          super
+        end
+
+        def register!
+          command = <<~CMD.tr("\n", ' ')
+            docker run -d --rm
+            --network #{network}
+            --hostname #{host_name}
+            --name #{@name}
+            --env SIMPLESAMLPHP_SP_ENTITY_ID=#{@gitlab_host}/groups/#{@group}
+            --env SIMPLESAMLPHP_SP_ASSERTION_CONSUMER_SERVICE=#{@gitlab_host}/groups/#{@group}/-/saml/callback
+            --publish 8080:8080
+            --publish 8443:8443
+            #{@image}
+          CMD
+
+          command.gsub!("--network #{network} ", '') unless QA::Runtime::Env.running_in_ci?
+
+          shell command
+        end
+      end
+    end
+  end
+end