Initial commit

Use ACCEPT_INSECURE_CERTS env var and fix step

Simplify saml signin

Fix rubo cop offence

Add missing # frozen_string_literal: true

.rubocop.yml

@@ -84,6 +84,7 @@ Naming/FileName:
     - EE
     - JSON
     - LDAP
+    - SAML
     - IO
     - HMAC
     - QA

app/views/devise/shared/_omniauth_box.html.haml

@@ -5,7 +5,7 @@
   .d-flex.justify-content-between.flex-wrap
     - providers.each do |provider|
       - has_icon = provider_has_icon?(provider)
-      = link_to omniauth_authorize_path(:user, provider), method: :post, class: 'btn d-flex align-items-center omniauth-btn text-left oauth-login', id: "oauth-login-#{provider}" do
+      = link_to omniauth_authorize_path(:user, provider), method: :post, class: 'btn d-flex align-items-center omniauth-btn text-left oauth-login qa-saml-login-button', id: "oauth-login-#{provider}" do
         - if has_icon
           = provider_image_tag(provider)
         %span

qa/qa.rb

@@ -97,6 +97,7 @@ module QA
       module Integration
         autoload :Github, 'qa/scenario/test/integration/github'
         autoload :LDAP, 'qa/scenario/test/integration/ldap'
+        autoload :InstanceSAML, 'qa/scenario/test/integration/instance_saml'
         autoload :Kubernetes, 'qa/scenario/test/integration/kubernetes'
         autoload :Mattermost, 'qa/scenario/test/integration/mattermost'
         autoload :ObjectStorage, 'qa/scenario/test/integration/object_storage'
@@ -300,6 +301,18 @@ module QA
     autoload :Config, 'qa/specs/config'
     autoload :Runner, 'qa/specs/runner'
   end
+
+  ##
+  # Classes that describe the structure of vendor/third party application pages
+  #
+  module Vendor
+    module SAMLIdp
+      module Page
+        autoload :Base, 'qa/vendor/saml_idp/page/base'
+        autoload :Login, 'qa/vendor/saml_idp/page/login'
+      end
+    end
+  end
 end
 
 QA::Runtime::Release.extend_autoloads!

qa/qa/page/main/login.rb

@@ -31,6 +31,10 @@ module QA
           element :register_tab
         end
 
+        view 'app/views/devise/shared/_omniauth_box.html.haml' do
+          element :saml_login_button
+        end
+
         def initialize
           # The login page is usually the entry point for all the scenarios so
           # we need to wait for the instance to start. That said, in some cases
@@ -130,6 +134,11 @@ module QA
           click_element :sign_in_button
         end
 
+        def sign_in_with_saml
+          set_initial_password_if_present
+          click_element :saml_login_button
+        end
+
         def sign_in_using_gitlab_credentials(user)
           switch_to_sign_in_tab if has_sign_in_tab?
           switch_to_standard_tab if has_standard_tab?

qa/qa/runtime/browser.rb

@@ -51,6 +51,10 @@ module QA
             }
           )
 
+          if QA::Runtime::Env.accept_insecure_certs?
+            capabilities['acceptInsecureCerts'] = true
+          end
+
           options = Selenium::WebDriver::Chrome::Options.new
           options.add_argument("window-size=1240,1680")
 

qa/qa/runtime/env.rb

@@ -8,6 +8,10 @@ module QA
         enabled?(ENV['CHROME_HEADLESS'])
       end
 
+      def accept_insecure_certs?
+        enabled?(ENV['ACCEPT_INSECURE_CERTS'])
+      end
+
       def running_in_ci?
         ENV['CI'] || ENV['CI_SERVER']
       end

qa/qa/scenario/test/integration/instance_saml.rb

+# frozen_string_literal: true
+
+module QA
+  module Scenario
+    module Test
+      module Integration
+        class InstanceSAML < Test::Instance::All
+          tags :instance_saml
+        end
+      end
+    end
+  end
+end

qa/qa/specs/features/browser_ui/1_manage/login/login_via_instance_wide_saml_sso_spec.rb

+# frozen_string_literal: true
+
+module QA
+  context :manage, :orchestrated, :instance_saml do
+    describe 'Instance wide SAML SSO' do
+      it 'User logs in to gitlab with SAML SSO' do
+        Runtime::Browser.visit(:gitlab, Page::Main::Login)
+
+        Page::Main::Login.act { sign_in_with_saml }
+
+        Vendor::SAMLIdp::Page::Login.act { login }
+
+        expect(page).to have_content('Welcome to GitLab')
+      end
+    end
+  end
+end

qa/qa/vendor/saml_idp/page/base.rb

+# frozen_string_literal: true
+
+module QA
+  module Vendor
+    module SAMLIdp
+      module Page
+        class Base
+          include Capybara::DSL
+          include Scenario::Actable
+        end
+      end
+    end
+  end
+end

qa/qa/vendor/saml_idp/page/login.rb

+# frozen_string_literal: true
+
+require 'capybara/dsl'
+
+module QA
+  module Vendor
+    module SAMLIdp
+      module Page
+        class Login < Page::Base
+          def login
+            fill_in 'username', with: 'user1'
+            fill_in 'password', with: 'user1pass'
+            click_on 'Login'
+          end
+        end
+      end
+    end
+  end
+end

qa/spec/scenario/test/integration/instance_saml_spec.rb

+# frozen_string_literal: true
+
+describe QA::Scenario::Test::Integration::InstanceSAML do
+  context '#perform' do
+    it_behaves_like 'a QA scenario class' do
+      let(:tags) { [:instance_saml] }
+    end
+  end
+end