Commit 4974792b authored by manojmj's avatar manojmj

Add E2E tests for Group SSO Membership

This change adds E2E tests for
Group SSO Membership
parent 313d4d0f
...@@ -53,7 +53,7 @@ ...@@ -53,7 +53,7 @@
.well-segment.borderless.gl-mb-3.col-12.col-lg-9.gl-p-0 .well-segment.borderless.gl-mb-3.col-12.col-lg-9.gl-p-0
= f.label :default_membership_role, class: 'label-bold' do = f.label :default_membership_role, class: 'label-bold' do
= s_('GroupSAML|Default membership role') = s_('GroupSAML|Default membership role')
= f.select :default_membership_role, options_for_select(::Gitlab::Access.options, saml_provider.default_membership_role), {}, class: 'form-control' = f.select :default_membership_role, options_for_select(::Gitlab::Access.options, saml_provider.default_membership_role), {}, class: 'form-control', data: { qa_selector: 'default_membership_role_dropdown' }
.form-text.text-muted .form-text.text-muted
= s_('GroupSAML|This will be set as the access level of users added to the group.') = s_('GroupSAML|This will be set as the access level of users added to the group.')
......
...@@ -9,6 +9,7 @@ module QA ...@@ -9,6 +9,7 @@ module QA
view 'ee/app/views/groups/saml_providers/_form.html.haml' do view 'ee/app/views/groups/saml_providers/_form.html.haml' do
element :identity_provider_sso_field element :identity_provider_sso_field
element :certificate_fingerprint_field element :certificate_fingerprint_field
element :default_membership_role_dropdown
element :enforced_sso_toggle_button element :enforced_sso_toggle_button
element :group_managed_accounts_toggle_button element :group_managed_accounts_toggle_button
element :save_changes_button element :save_changes_button
...@@ -30,6 +31,10 @@ module QA ...@@ -30,6 +31,10 @@ module QA
fill_element :certificate_fingerprint_field, fingerprint fill_element :certificate_fingerprint_field, fingerprint
end end
def set_default_membership_role(role)
select_element(:default_membership_role_dropdown, role)
end
def has_enforced_sso_button? def has_enforced_sso_button?
has_button = has_element?(:enforced_sso_toggle_button, wait: 5) has_button = has_element?(:enforced_sso_toggle_button, wait: 5)
QA::Runtime::Logger.debug "has_enforced_sso_button?: #{has_button}" QA::Runtime::Logger.debug "has_enforced_sso_button?: #{has_button}"
......
...@@ -18,7 +18,7 @@ module QA ...@@ -18,7 +18,7 @@ module QA
end end
end end
def enable_saml_sso(group, saml_idp_service) def enable_saml_sso(group, saml_idp_service, default_membership_role = 'Guest')
page.visit Runtime::Scenario.gitlab_address page.visit Runtime::Scenario.gitlab_address
Page::Main::Login.perform(&:sign_in_using_credentials) unless Page::Main::Menu.perform(&:signed_in?) Page::Main::Login.perform(&:sign_in_using_credentials) unless Page::Main::Menu.perform(&:signed_in?)
...@@ -29,6 +29,7 @@ module QA ...@@ -29,6 +29,7 @@ module QA
EE::Page::Group::Settings::SamlSSO.perform do |saml_sso| EE::Page::Group::Settings::SamlSSO.perform do |saml_sso|
saml_sso.set_id_provider_sso_url(saml_idp_service.idp_sso_url) saml_sso.set_id_provider_sso_url(saml_idp_service.idp_sso_url)
saml_sso.set_cert_fingerprint(saml_idp_service.idp_certificate_fingerprint) saml_sso.set_cert_fingerprint(saml_idp_service.idp_certificate_fingerprint)
saml_sso.set_default_membership_role(default_membership_role)
saml_sso.click_save_changes saml_sso.click_save_changes
saml_sso.user_login_url_link_text saml_sso.user_login_url_link_text
......
...@@ -24,6 +24,29 @@ module QA ...@@ -24,6 +24,29 @@ module QA
Flow::Login.sign_in Flow::Login.sign_in
end end
context 'when SAML SSO is configured with a default membership role' do
let(:user) { Resource::User.fabricate_via_api! }
let(:default_membership_role) { 'Developer' }
it 'adds the new member with access level as set in SAML SSO configuration' do
managed_group_url = Flow::Saml.enable_saml_sso(@group, @saml_idp_service, default_membership_role)
page.visit Runtime::Scenario.gitlab_address
Page::Main::Menu.perform(&:sign_out_if_signed_in)
Flow::Login.sign_in(as: user)
page.visit managed_group_url
EE::Page::Group::SamlSSOSignIn.perform(&:click_sign_in)
Flow::Saml.login_to_idp_if_required('user3', 'user3pass')
expect(page).to have_content("SAML for #{@group.path} was added to your connected accounts")
member_details = @group.list_members.find { |item| item['username'] == user.username }
expect(member_details['access_level']).to eq(Resource::Members::AccessLevel::DEVELOPER)
Page::Main::Menu.perform(&:sign_out_if_signed_in)
end
end
it 'User logs in to group with SAML SSO' do it 'User logs in to group with SAML SSO' do
managed_group_url = Flow::Saml.enable_saml_sso(@group, @saml_idp_service) managed_group_url = Flow::Saml.enable_saml_sso(@group, @saml_idp_service)
......
Markdown is supported
0%
or
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment