Commit 07245629 authored by Sanad Liaquat's avatar Sanad Liaquat Committed by Dan Davison

Use dynamic top level group for ip restriction

Set Gold plan on top-level group in live environments
Ensure that ip address was set correctly
Add some logging
Some refactoring
parent e68bf142
...@@ -32,7 +32,7 @@ ...@@ -32,7 +32,7 @@
- else - else
.form-actions .form-actions
= f.submit _('Save changes'), class: "btn btn-success" = f.submit _('Save changes'), class: "btn btn-success", data: { qa_selector: 'save_changes_button' }
= link_to _('Cancel'), admin_group_path(@group), class: "btn btn-cancel" = link_to _('Cancel'), admin_group_path(@group), class: "btn btn-cancel"
= render_if_exists 'ldap_group_links/ldap_syncrhonizations', group: @group = render_if_exists 'ldap_group_links/ldap_syncrhonizations', group: @group
- group = local_assigns.fetch(:group) - group = local_assigns.fetch(:group)
- css_class = 'no-description' if group.description.blank? - css_class = 'no-description' if group.description.blank?
%li.group-row.py-3{ class: css_class } %li.group-row.py-3{ class: css_class, data: { qa_selector: 'group_row_content' } }
.controls .controls
= link_to _('Edit'), admin_group_edit_path(group), id: "edit_#{dom_id(group)}", class: 'btn' = link_to _('Edit'), admin_group_edit_path(group), id: "edit_#{dom_id(group)}", class: 'btn'
= link_to _('Delete'), [:admin, group], data: { confirm: _("Are you sure you want to remove %{group_name}?") % { group_name: group.name } }, method: :delete, class: 'btn btn-remove' = link_to _('Delete'), [:admin, group], data: { confirm: _("Are you sure you want to remove %{group_name}?") % { group_name: group.name } }, method: :delete, class: 'btn btn-remove'
...@@ -26,7 +26,7 @@ ...@@ -26,7 +26,7 @@
.avatar-container.rect-avatar.s40 .avatar-container.rect-avatar.s40
= group_icon(group, class: "avatar s40 d-none d-sm-block") = group_icon(group, class: "avatar s40 d-none d-sm-block")
.title .title
= link_to [:admin, group], class: 'group-name' do = link_to [:admin, group], class: 'group-name', data: { qa_selector: 'group_name_link' } do
= group.full_name = group.full_name
- if group.description.present? - if group.description.present?
......
...@@ -7,7 +7,7 @@ ...@@ -7,7 +7,7 @@
.search-holder .search-holder
- project_name = params[:name].present? ? params[:name] : nil - project_name = params[:name].present? ? params[:name] : nil
.search-field-holder .search-field-holder
= search_field_tag :name, project_name, class: "form-control search-text-input js-search-input", autofocus: true, spellcheck: false, placeholder: 'Search by name' = search_field_tag :name, project_name, class: "form-control search-text-input js-search-input", autofocus: true, spellcheck: false, placeholder: 'Search by name', data: { qa_selector: 'group_search_field' }
= icon("search", class: "search-icon") = icon("search", class: "search-icon")
= render "shared/groups/dropdown", options_hash: admin_groups_sort_options_hash = render "shared/groups/dropdown", options_hash: admin_groups_sort_options_hash
= link_to new_admin_group_path, class: "btn btn-success" do = link_to new_admin_group_path, class: "btn btn-success" do
......
...@@ -4,7 +4,7 @@ ...@@ -4,7 +4,7 @@
%h3.page-title %h3.page-title
= _('Group: %{group_name}') % { group_name: @group.full_name } = _('Group: %{group_name}') % { group_name: @group.full_name }
= link_to admin_group_edit_path(@group), class: "btn float-right" do = link_to admin_group_edit_path(@group), class: "btn float-right", data: { qa_selector: 'edit_group_link' } do
%i.fa.fa-pencil-square-o %i.fa.fa-pencil-square-o
= _('Edit') = _('Edit')
%hr %hr
......
...@@ -28,11 +28,11 @@ ...@@ -28,11 +28,11 @@
%span %span
= _('Projects') = _('Projects')
= nav_link(controller: :users) do = nav_link(controller: :users) do
= link_to admin_users_path, title: _('Users') , data: { qa_selector: 'users_overview_link' } do = link_to admin_users_path, title: _('Users'), data: { qa_selector: 'users_overview_link' } do
%span %span
= _('Users') = _('Users')
= nav_link(controller: :groups) do = nav_link(controller: :groups) do
= link_to admin_groups_path, title: _('Groups') do = link_to admin_groups_path, title: _('Groups'), data: { qa_selector: 'groups_overview_link' } do
%span %span
= _('Groups') = _('Groups')
= nav_link path: 'jobs#index' do = nav_link path: 'jobs#index' do
......
...@@ -8,4 +8,4 @@ ...@@ -8,4 +8,4 @@
= f.fields_for :gitlab_subscription do |f| = f.fields_for :gitlab_subscription do |f|
= f.select :hosted_plan_id, Plan.pluck(:title, :id), = f.select :hosted_plan_id, Plan.pluck(:title, :id),
{ include_blank: 'No plan' }, { include_blank: 'No plan' },
class: 'form-control' class: 'form-control', data: { qa_selector: 'plan_dropdown' }
...@@ -369,6 +369,12 @@ module QA ...@@ -369,6 +369,12 @@ module QA
autoload :Index, 'qa/page/admin/overview/users/index' autoload :Index, 'qa/page/admin/overview/users/index'
autoload :Show, 'qa/page/admin/overview/users/show' autoload :Show, 'qa/page/admin/overview/users/show'
end end
module Groups
autoload :Index, 'qa/page/admin/overview/groups/index'
autoload :Show, 'qa/page/admin/overview/groups/show'
autoload :Edit, 'qa/page/admin/overview/groups/edit'
end
end end
end end
......
...@@ -77,6 +77,12 @@ module QA ...@@ -77,6 +77,12 @@ module QA
autoload :Elasticsearch, 'qa/ee/page/admin/settings/component/elasticsearch' autoload :Elasticsearch, 'qa/ee/page/admin/settings/component/elasticsearch'
end end
end end
module Overview
module Groups
autoload :Edit, 'qa/ee/page/admin/overview/groups/edit'
end
end
end end
module Profile module Profile
......
# frozen_string_literal: true
module QA
module EE
module Page
module Admin
module Overview
module Groups
module Edit
def self.included(page)
page.class_eval do
view 'ee/app/views/admin/_namespace_plan.html.haml' do
element :plan_dropdown
end
end
end
def select_plan(plan)
select_element(:plan_dropdown, plan)
end
end
end
end
end
end
end
end
...@@ -57,12 +57,18 @@ module QA ...@@ -57,12 +57,18 @@ module QA
end end
def set_ip_address_restriction(ip_address) def set_ip_address_restriction(ip_address)
QA::Runtime::Logger.debug(%Q[Setting ip address restriction to: #{ip_address}])
expand_section(:permission_lfs_2fa_section) expand_section(:permission_lfs_2fa_section)
find_element(:ip_restriction_field).send_keys([:command, 'a'], :backspace) find_element(:ip_restriction_field).send_keys([:command, 'a'], :backspace)
find_element(:ip_restriction_field).set ip_address find_element(:ip_restriction_field).set ip_address
click_element :save_permissions_changes_button click_element :save_permissions_changes_button
end end
def restricted_ip_address
expand_section(:permission_lfs_2fa_section)
find_element(:ip_restriction_field).value
end
def set_membership_lock_enabled def set_membership_lock_enabled
expand_section :permission_lfs_2fa_section expand_section :permission_lfs_2fa_section
check_element :membership_lock_checkbox check_element :membership_lock_checkbox
......
...@@ -16,9 +16,7 @@ module QA ...@@ -16,9 +16,7 @@ module QA
element :admin_sidebar_monitoring_submenu_content element :admin_sidebar_monitoring_submenu_content
element :admin_sidebar_overview_submenu_content element :admin_sidebar_overview_submenu_content
element :users_overview_link element :users_overview_link
end element :groups_overview_link
view 'app/views/layouts/nav/sidebar/_admin.html.haml' do
element :integration_settings_link element :integration_settings_link
end end
...@@ -76,6 +74,12 @@ module QA ...@@ -76,6 +74,12 @@ module QA
end end
end end
def go_to_groups_overview
within_submenu(:admin_sidebar_overview_submenu_content) do
click_element :groups_overview_link
end
end
private private
def hover_element(element) def hover_element(element)
......
# frozen_string_literal: true
module QA
module Page
module Admin
module Overview
module Groups
class Edit < QA::Page::Base
view 'app/views/admin/groups/_form.html.haml' do
element :save_changes_button, required: true
end
def click_save_changes_button
click_element :save_changes_button, Groups::Show
end
end
end
end
end
end
end
QA::Page::Admin::Overview::Groups::Edit.prepend_if_ee('QA::EE::Page::Admin::Overview::Groups::Edit')
# frozen_string_literal: true
module QA
module Page
module Admin
module Overview
module Groups
class Index < QA::Page::Base
view 'app/views/admin/groups/index.html.haml' do
element :group_search_field, required: true
end
view 'app/views/admin/groups/_group.html.haml' do
element :group_row_content
element :group_name_link
end
def search_group(group_name)
find_element(:group_search_field).set(group_name).send_keys(:return)
end
def click_group(group_name)
within_element(:group_row_content, text: group_name) do
click_element(:group_name_link)
end
end
end
end
end
end
end
end
# frozen_string_literal: true
module QA
module Page
module Admin
module Overview
module Groups
class Show < QA::Page::Base
view 'app/views/admin/groups/show.html.haml' do
element :edit_group_link, required: true
end
def click_edit_group_link
click_element :edit_group_link, Groups::Edit
end
end
end
end
end
end
end
...@@ -23,6 +23,10 @@ module QA ...@@ -23,6 +23,10 @@ module QA
SUPPORTED_FEATURES SUPPORTED_FEATURES
end end
def dot_com?
Runtime::Scenario.gitlab_address.include?(".com")
end
def additional_repository_storage def additional_repository_storage
ENV['QA_ADDITIONAL_REPOSITORY_STORAGE'] ENV['QA_ADDITIONAL_REPOSITORY_STORAGE']
end end
......
...@@ -8,7 +8,7 @@ module QA ...@@ -8,7 +8,7 @@ module QA
before(:all) do before(:all) do
@sandbox_group = Resource::Sandbox.fabricate! do |sandbox_group| @sandbox_group = Resource::Sandbox.fabricate! do |sandbox_group|
sandbox_group.path = 'gitlab-qa-ip-restricted-sandbox-group' sandbox_group.path = "gitlab-qa-ip-restricted-sandbox-group-#{SecureRandom.hex(8)}"
end end
@user = Resource::User.fabricate_or_use(Runtime::Env.gitlab_qa_username_1, Runtime::Env.gitlab_qa_password_1) @user = Resource::User.fabricate_or_use(Runtime::Env.gitlab_qa_username_1, Runtime::Env.gitlab_qa_password_1)
...@@ -17,26 +17,26 @@ module QA ...@@ -17,26 +17,26 @@ module QA
group.path = "ip-address-restricted-group-#{SecureRandom.hex(8)}" group.path = "ip-address-restricted-group-#{SecureRandom.hex(8)}"
group.sandbox = @sandbox_group group.sandbox = @sandbox_group
end end
enable_plan_on_group(@group.name, "Gold") if Runtime::Env.dot_com?
end end
after(:all) do after(:all) do
@group.remove_via_api! @sandbox_group.remove_via_api!
end end
context 'when restricted by another ip address' do before do
it 'denies access' do page.visit Runtime::Scenario.gitlab_address
Flow::Login.while_signed_in_as_admin do
@group.sandbox.visit!
Page::Group::Menu.perform(&:click_group_general_settings_item) set_ip_address_restriction_to(ip_address)
Page::Group::Settings::General.perform do |settings| Flow::Login.sign_in(as: @user)
settings.set_ip_address_restriction(get_next_ip_address(fetch_current_ip_address))
end
end end
Flow::Login.sign_in(as: @user) context 'when restricted by another ip address' do
let(:ip_address) { get_next_ip_address(fetch_current_ip_address) }
it 'denies access' do
@group.sandbox.visit! @group.sandbox.visit!
expect(page).to have_text('Page Not Found') expect(page).to have_text('Page Not Found')
page.go_back page.go_back
...@@ -48,24 +48,41 @@ module QA ...@@ -48,24 +48,41 @@ module QA
end end
context 'when restricted by user\'s ip address' do context 'when restricted by user\'s ip address' do
let(:ip_address) { fetch_current_ip_address }
it 'allows access' do it 'allows access' do
@group.sandbox.visit!
expect(page).to have_text(@group.sandbox.path)
@group.visit!
expect(page).to have_text(@group.path)
end
end
private
def set_ip_address_restriction_to(ip_address)
Flow::Login.while_signed_in_as_admin do Flow::Login.while_signed_in_as_admin do
@group.sandbox.visit! @group.sandbox.visit!
Page::Group::Menu.perform(&:click_group_general_settings_item) Page::Group::Menu.perform(&:click_group_general_settings_item)
Page::Group::Settings::General.perform do |settings| Page::Group::Settings::General.perform do |settings|
settings.set_ip_address_restriction(fetch_current_ip_address) settings.set_ip_address_restriction(ip_address)
end
end end
Flow::Login.sign_in(as: @user) # TODO: On un-quarantine, re-evaluate if this is needed.
ensure_ip_address_set_to(ip_address)
end
end
def ensure_ip_address_set_to(ip_address)
@group.sandbox.visit! @group.sandbox.visit!
expect(page).to have_text(@group.sandbox.path)
@group.visit! Page::Group::Menu.perform(&:click_group_general_settings_item)
expect(page).to have_text(@group.path)
Page::Group::Settings::General.perform do |settings|
expect(settings.restricted_ip_address).to eq ip_address
end end
end end
...@@ -76,6 +93,25 @@ module QA ...@@ -76,6 +93,25 @@ module QA
current_ip_address.split(".")[0...-1].push(updated_last_part).join(".") current_ip_address.split(".")[0...-1].push(updated_last_part).join(".")
end end
def enable_plan_on_group(group, plan)
Flow::Login.while_signed_in_as_admin do
Page::Main::Menu.perform(&:go_to_admin_area)
Page::Admin::Menu.perform(&:go_to_groups_overview)
Page::Admin::Overview::Groups::Index.perform do |index|
index.search_group(group)
index.click_group(group)
end
Page::Admin::Overview::Groups::Show.perform(&:click_edit_group_link)
Page::Admin::Overview::Groups::Edit.perform do |edit|
edit.select_plan(plan)
edit.click_save_changes_button
end
end
end
end end
end end
end end
...@@ -340,4 +340,18 @@ describe QA::Runtime::Env do ...@@ -340,4 +340,18 @@ describe QA::Runtime::Env do
end end
end end
end end
describe '.dot_com?' do
it 'returns true when url has .com' do
QA::Runtime::Scenario.define(:gitlab_address, "https://staging.gitlab.com")
expect(described_class.dot_com?).to be_truthy
end
it 'returns false when url does not have .com' do
QA::Runtime::Scenario.define(:gitlab_address, "https://gitlab.test")
expect(described_class.dot_com?).to be_falsy
end
end
end end
Markdown is supported
0%
or
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment