Commit 07245629 authored by Sanad Liaquat's avatar Sanad Liaquat Committed by Dan Davison

Use dynamic top level group for ip restriction

Set Gold plan on top-level group in live environments
Ensure that ip address was set correctly
Add some logging
Some refactoring
parent e68bf142
......@@ -32,7 +32,7 @@
- else
.form-actions
= f.submit _('Save changes'), class: "btn btn-success"
= f.submit _('Save changes'), class: "btn btn-success", data: { qa_selector: 'save_changes_button' }
= link_to _('Cancel'), admin_group_path(@group), class: "btn btn-cancel"
= render_if_exists 'ldap_group_links/ldap_syncrhonizations', group: @group
- group = local_assigns.fetch(:group)
- css_class = 'no-description' if group.description.blank?
%li.group-row.py-3{ class: css_class }
%li.group-row.py-3{ class: css_class, data: { qa_selector: 'group_row_content' } }
.controls
= link_to _('Edit'), admin_group_edit_path(group), id: "edit_#{dom_id(group)}", class: 'btn'
= link_to _('Delete'), [:admin, group], data: { confirm: _("Are you sure you want to remove %{group_name}?") % { group_name: group.name } }, method: :delete, class: 'btn btn-remove'
......@@ -26,7 +26,7 @@
.avatar-container.rect-avatar.s40
= group_icon(group, class: "avatar s40 d-none d-sm-block")
.title
= link_to [:admin, group], class: 'group-name' do
= link_to [:admin, group], class: 'group-name', data: { qa_selector: 'group_name_link' } do
= group.full_name
- if group.description.present?
......
......@@ -7,7 +7,7 @@
.search-holder
- project_name = params[:name].present? ? params[:name] : nil
.search-field-holder
= search_field_tag :name, project_name, class: "form-control search-text-input js-search-input", autofocus: true, spellcheck: false, placeholder: 'Search by name'
= search_field_tag :name, project_name, class: "form-control search-text-input js-search-input", autofocus: true, spellcheck: false, placeholder: 'Search by name', data: { qa_selector: 'group_search_field' }
= icon("search", class: "search-icon")
= render "shared/groups/dropdown", options_hash: admin_groups_sort_options_hash
= link_to new_admin_group_path, class: "btn btn-success" do
......
......@@ -4,7 +4,7 @@
%h3.page-title
= _('Group: %{group_name}') % { group_name: @group.full_name }
= link_to admin_group_edit_path(@group), class: "btn float-right" do
= link_to admin_group_edit_path(@group), class: "btn float-right", data: { qa_selector: 'edit_group_link' } do
%i.fa.fa-pencil-square-o
= _('Edit')
%hr
......
......@@ -28,11 +28,11 @@
%span
= _('Projects')
= nav_link(controller: :users) do
= link_to admin_users_path, title: _('Users') , data: { qa_selector: 'users_overview_link' } do
= link_to admin_users_path, title: _('Users'), data: { qa_selector: 'users_overview_link' } do
%span
= _('Users')
= nav_link(controller: :groups) do
= link_to admin_groups_path, title: _('Groups') do
= link_to admin_groups_path, title: _('Groups'), data: { qa_selector: 'groups_overview_link' } do
%span
= _('Groups')
= nav_link path: 'jobs#index' do
......
......@@ -8,4 +8,4 @@
= f.fields_for :gitlab_subscription do |f|
= f.select :hosted_plan_id, Plan.pluck(:title, :id),
{ include_blank: 'No plan' },
class: 'form-control'
class: 'form-control', data: { qa_selector: 'plan_dropdown' }
......@@ -369,6 +369,12 @@ module QA
autoload :Index, 'qa/page/admin/overview/users/index'
autoload :Show, 'qa/page/admin/overview/users/show'
end
module Groups
autoload :Index, 'qa/page/admin/overview/groups/index'
autoload :Show, 'qa/page/admin/overview/groups/show'
autoload :Edit, 'qa/page/admin/overview/groups/edit'
end
end
end
......
......@@ -77,6 +77,12 @@ module QA
autoload :Elasticsearch, 'qa/ee/page/admin/settings/component/elasticsearch'
end
end
module Overview
module Groups
autoload :Edit, 'qa/ee/page/admin/overview/groups/edit'
end
end
end
module Profile
......
# frozen_string_literal: true
module QA
module EE
module Page
module Admin
module Overview
module Groups
module Edit
def self.included(page)
page.class_eval do
view 'ee/app/views/admin/_namespace_plan.html.haml' do
element :plan_dropdown
end
end
end
def select_plan(plan)
select_element(:plan_dropdown, plan)
end
end
end
end
end
end
end
end
......@@ -57,12 +57,18 @@ module QA
end
def set_ip_address_restriction(ip_address)
QA::Runtime::Logger.debug(%Q[Setting ip address restriction to: #{ip_address}])
expand_section(:permission_lfs_2fa_section)
find_element(:ip_restriction_field).send_keys([:command, 'a'], :backspace)
find_element(:ip_restriction_field).set ip_address
click_element :save_permissions_changes_button
end
def restricted_ip_address
expand_section(:permission_lfs_2fa_section)
find_element(:ip_restriction_field).value
end
def set_membership_lock_enabled
expand_section :permission_lfs_2fa_section
check_element :membership_lock_checkbox
......
......@@ -16,9 +16,7 @@ module QA
element :admin_sidebar_monitoring_submenu_content
element :admin_sidebar_overview_submenu_content
element :users_overview_link
end
view 'app/views/layouts/nav/sidebar/_admin.html.haml' do
element :groups_overview_link
element :integration_settings_link
end
......@@ -76,6 +74,12 @@ module QA
end
end
def go_to_groups_overview
within_submenu(:admin_sidebar_overview_submenu_content) do
click_element :groups_overview_link
end
end
private
def hover_element(element)
......
# frozen_string_literal: true
module QA
module Page
module Admin
module Overview
module Groups
class Edit < QA::Page::Base
view 'app/views/admin/groups/_form.html.haml' do
element :save_changes_button, required: true
end
def click_save_changes_button
click_element :save_changes_button, Groups::Show
end
end
end
end
end
end
end
QA::Page::Admin::Overview::Groups::Edit.prepend_if_ee('QA::EE::Page::Admin::Overview::Groups::Edit')
# frozen_string_literal: true
module QA
module Page
module Admin
module Overview
module Groups
class Index < QA::Page::Base
view 'app/views/admin/groups/index.html.haml' do
element :group_search_field, required: true
end
view 'app/views/admin/groups/_group.html.haml' do
element :group_row_content
element :group_name_link
end
def search_group(group_name)
find_element(:group_search_field).set(group_name).send_keys(:return)
end
def click_group(group_name)
within_element(:group_row_content, text: group_name) do
click_element(:group_name_link)
end
end
end
end
end
end
end
end
# frozen_string_literal: true
module QA
module Page
module Admin
module Overview
module Groups
class Show < QA::Page::Base
view 'app/views/admin/groups/show.html.haml' do
element :edit_group_link, required: true
end
def click_edit_group_link
click_element :edit_group_link, Groups::Edit
end
end
end
end
end
end
end
......@@ -23,6 +23,10 @@ module QA
SUPPORTED_FEATURES
end
def dot_com?
Runtime::Scenario.gitlab_address.include?(".com")
end
def additional_repository_storage
ENV['QA_ADDITIONAL_REPOSITORY_STORAGE']
end
......
......@@ -8,7 +8,7 @@ module QA
before(:all) do
@sandbox_group = Resource::Sandbox.fabricate! do |sandbox_group|
sandbox_group.path = 'gitlab-qa-ip-restricted-sandbox-group'
sandbox_group.path = "gitlab-qa-ip-restricted-sandbox-group-#{SecureRandom.hex(8)}"
end
@user = Resource::User.fabricate_or_use(Runtime::Env.gitlab_qa_username_1, Runtime::Env.gitlab_qa_password_1)
......@@ -17,26 +17,26 @@ module QA
group.path = "ip-address-restricted-group-#{SecureRandom.hex(8)}"
group.sandbox = @sandbox_group
end
enable_plan_on_group(@group.name, "Gold") if Runtime::Env.dot_com?
end
after(:all) do
@group.remove_via_api!
@sandbox_group.remove_via_api!
end
context 'when restricted by another ip address' do
it 'denies access' do
Flow::Login.while_signed_in_as_admin do
@group.sandbox.visit!
before do
page.visit Runtime::Scenario.gitlab_address
Page::Group::Menu.perform(&:click_group_general_settings_item)
set_ip_address_restriction_to(ip_address)
Page::Group::Settings::General.perform do |settings|
settings.set_ip_address_restriction(get_next_ip_address(fetch_current_ip_address))
end
end
Flow::Login.sign_in(as: @user)
end
Flow::Login.sign_in(as: @user)
context 'when restricted by another ip address' do
let(:ip_address) { get_next_ip_address(fetch_current_ip_address) }
it 'denies access' do
@group.sandbox.visit!
expect(page).to have_text('Page Not Found')
page.go_back
......@@ -48,24 +48,41 @@ module QA
end
context 'when restricted by user\'s ip address' do
let(:ip_address) { fetch_current_ip_address }
it 'allows access' do
Flow::Login.while_signed_in_as_admin do
@group.sandbox.visit!
@group.sandbox.visit!
expect(page).to have_text(@group.sandbox.path)
@group.visit!
expect(page).to have_text(@group.path)
end
end
Page::Group::Menu.perform(&:click_group_general_settings_item)
private
def set_ip_address_restriction_to(ip_address)
Flow::Login.while_signed_in_as_admin do
@group.sandbox.visit!
Page::Group::Settings::General.perform do |settings|
settings.set_ip_address_restriction(fetch_current_ip_address)
end
Page::Group::Menu.perform(&:click_group_general_settings_item)
Page::Group::Settings::General.perform do |settings|
settings.set_ip_address_restriction(ip_address)
end
Flow::Login.sign_in(as: @user)
# TODO: On un-quarantine, re-evaluate if this is needed.
ensure_ip_address_set_to(ip_address)
end
end
@group.sandbox.visit!
expect(page).to have_text(@group.sandbox.path)
def ensure_ip_address_set_to(ip_address)
@group.sandbox.visit!
@group.visit!
expect(page).to have_text(@group.path)
Page::Group::Menu.perform(&:click_group_general_settings_item)
Page::Group::Settings::General.perform do |settings|
expect(settings.restricted_ip_address).to eq ip_address
end
end
......@@ -76,6 +93,25 @@ module QA
current_ip_address.split(".")[0...-1].push(updated_last_part).join(".")
end
def enable_plan_on_group(group, plan)
Flow::Login.while_signed_in_as_admin do
Page::Main::Menu.perform(&:go_to_admin_area)
Page::Admin::Menu.perform(&:go_to_groups_overview)
Page::Admin::Overview::Groups::Index.perform do |index|
index.search_group(group)
index.click_group(group)
end
Page::Admin::Overview::Groups::Show.perform(&:click_edit_group_link)
Page::Admin::Overview::Groups::Edit.perform do |edit|
edit.select_plan(plan)
edit.click_save_changes_button
end
end
end
end
end
end
......@@ -340,4 +340,18 @@ describe QA::Runtime::Env do
end
end
end
describe '.dot_com?' do
it 'returns true when url has .com' do
QA::Runtime::Scenario.define(:gitlab_address, "https://staging.gitlab.com")
expect(described_class.dot_com?).to be_truthy
end
it 'returns false when url does not have .com' do
QA::Runtime::Scenario.define(:gitlab_address, "https://gitlab.test")
expect(described_class.dot_com?).to be_falsy
end
end
end
Markdown is supported
0%
or
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment