Commit 1d0262a9 authored by Sanad Liaquat's avatar Sanad Liaquat

Merge branch 'qa-shl-fix-ip-address-whitelisting-e2e-spec' into 'master'

Use public IP address of runner on CI against static environments

Closes #34351

See merge request gitlab-org/gitlab!21027
parents cac8eab9 3b76fb19
tmp/
.ruby-version
.ruby-gemset
urls.yml
......@@ -35,6 +35,7 @@ module QA
autoload :Logger, 'qa/runtime/logger'
autoload :GPG, 'qa/runtime/gpg'
autoload :MailHog, 'qa/runtime/mail_hog'
autoload :IPAddress, 'qa/runtime/ip_address'
module API
autoload :Client, 'qa/runtime/api/client'
......
......@@ -100,7 +100,7 @@ module QA
url = Runtime::API::Request.new(api_client, api_delete_path).url
response = delete(url)
unless response.code == HTTP_STATUS_NO_CONTENT
unless [HTTP_STATUS_NO_CONTENT, HTTP_STATUS_ACCEPTED].include? response.code
raise ResourceNotDeletedError, "Resource at #{url} could not be deleted (#{response.code}): `#{response}`."
end
......
......@@ -70,6 +70,10 @@ module QA
}
end
def api_delete_path
"/groups/#{id}"
end
def full_path
sandbox.path + ' / ' + path
end
......
# frozen_string_literal: true
require 'socket'
module QA
module Runtime
module IPAddress
include Support::Api
HostUnreachableError = Class.new(StandardError)
LOOPBACK_ADDRESS = '127.0.0.1'
PUBLIC_IP_ADDRESS_API = "https://api.ipify.org"
def fetch_current_ip_address
# When running on CI against a live environment such as staging.gitlab.com,
# we use the public facing IP address
ip_address = if Env.running_in_ci? && !URI.parse(Scenario.gitlab_address).host.include?('test')
response = get(PUBLIC_IP_ADDRESS_API)
raise HostUnreachableError, "#{PUBLIC_IP_ADDRESS_API} is unreachable" unless response.code == Support::Api::HTTP_STATUS_OK
response.body
elsif page.current_host.include?('localhost')
LOOPBACK_ADDRESS
else
Socket.ip_address_list.detect { |intf| intf.ipv4_private? }.ip_address
end
QA::Runtime::Logger.info "Current IP address: #{ip_address}"
ip_address
end
end
end
end
# frozen_string_literal: true
require 'securerandom'
require 'socket'
module QA
# https://gitlab.com/gitlab-org/gitlab/issues/34351
context 'Manage', :quarantine do
describe 'Group access' do
LOOPBACK_ADDRESS = '127.0.0.1'
context 'Manage' do
describe 'Group access', :requires_admin do
include Runtime::IPAddress
before(:all) do
@sandbox_group = Resource::Sandbox.fabricate! do |sandbox_group|
......@@ -21,31 +19,23 @@ module QA
end
end
before do
Page::Main::Menu.perform do |menu|
menu.sign_out if menu.has_personal_area?(wait: 0)
end
Flow::Login.sign_in
after(:all) do
@group.remove_via_api!
end
context 'when restricted by another ip address' do
it 'denies access' do
@group.sandbox.visit!
Page::Group::Menu.perform(&:click_group_general_settings_item)
Flow::Login.while_signed_in_as_admin do
@group.sandbox.visit!
Page::Group::Settings::General.perform do |settings|
settings.set_ip_address_restriction(get_next_ip_address)
end
Page::Group::Menu.perform(&:click_group_general_settings_item)
Page::Main::Menu.perform do |menu|
menu.sign_out if menu.has_personal_area?(wait: 0)
Page::Group::Settings::General.perform do |settings|
settings.set_ip_address_restriction(get_next_ip_address(fetch_current_ip_address))
end
end
Page::Main::Login.perform do |menu|
menu.sign_in_using_credentials(user: @user)
end
Flow::Login.sign_in(as: @user)
@group.sandbox.visit!
expect(page).to have_text('Page Not Found')
......@@ -59,21 +49,17 @@ module QA
context 'when restricted by user\'s ip address' do
it 'allows access' do
@group.sandbox.visit!
Flow::Login.while_signed_in_as_admin do
@group.sandbox.visit!
Page::Group::Menu.perform(&:click_group_general_settings_item)
Page::Group::Menu.perform(&:click_group_general_settings_item)
Page::Group::Settings::General.perform do |settings|
settings.set_ip_address_restriction(get_current_ip_address)
Page::Group::Settings::General.perform do |settings|
settings.set_ip_address_restriction(fetch_current_ip_address)
end
end
Page::Main::Menu.perform do |menu|
menu.sign_out if menu.has_personal_area?(wait: 0)
end
Page::Main::Login.perform do |menu|
menu.sign_in_using_credentials(user: @user)
end
Flow::Login.sign_in(as: @user)
@group.sandbox.visit!
expect(page).to have_text(@group.sandbox.path)
......@@ -83,22 +69,12 @@ module QA
end
end
def get_current_ip_address
return LOOPBACK_ADDRESS if page.current_host.include?('localhost')
Socket.ip_address_list.detect { |intf| intf.ipv4_private? }.ip_address
end
def get_next_ip_address
current_ip = get_current_ip_address
QA::Runtime::Logger.info "User's ip address: #{current_ip}"
current_last_part = current_ip.split(".").pop.to_i
def get_next_ip_address(current_ip_address)
current_last_part = current_ip_address.split(".").pop.to_i
updated_last_part = current_last_part < 255 ? current_last_part + 1 : 1
current_ip.split(".")[0...-1].push(updated_last_part).join(".")
current_ip_address.split(".")[0...-1].push(updated_last_part).join(".")
end
end
end
......
......@@ -6,6 +6,7 @@ module QA
HTTP_STATUS_OK = 200
HTTP_STATUS_CREATED = 201
HTTP_STATUS_NO_CONTENT = 204
HTTP_STATUS_ACCEPTED = 202
def post(url, payload)
RestClient::Request.execute(
......
Markdown is supported
0%
or
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment