Merge branch '214523-e2e-tests-set-default-role-for-sso-in-gitlab-com' into 'master'

Add E2E tests for Group SSO Membership

See merge request gitlab-org/gitlab!38463

ee/app/views/groups/saml_providers/_form.html.haml

@@ -53,7 +53,7 @@
     .well-segment.borderless.gl-mb-3.col-12.col-lg-9.gl-p-0
       = f.label :default_membership_role, class: 'label-bold' do
         = s_('GroupSAML|Default membership role')
-      = f.select :default_membership_role, options_for_select(::Gitlab::Access.options, saml_provider.default_membership_role), {}, class: 'form-control'
+      = f.select :default_membership_role, options_for_select(::Gitlab::Access.options, saml_provider.default_membership_role), {}, class: 'form-control', data: { qa_selector: 'default_membership_role_dropdown' }
       .form-text.text-muted
         = s_('GroupSAML|This will be set as the access level of users added to the group.')
 

qa/qa/ee/page/group/settings/saml_sso.rb

@@ -9,6 +9,7 @@ module QA
             view 'ee/app/views/groups/saml_providers/_form.html.haml' do
               element :identity_provider_sso_field
               element :certificate_fingerprint_field
+              element :default_membership_role_dropdown
               element :enforced_sso_toggle_button
               element :group_managed_accounts_toggle_button
               element :save_changes_button
@@ -30,6 +31,10 @@ module QA
               fill_element :certificate_fingerprint_field, fingerprint
             end
 
+            def set_default_membership_role(role)
+              select_element(:default_membership_role_dropdown, role)
+            end
+
             def has_enforced_sso_button?
               has_button = has_element?(:enforced_sso_toggle_button, wait: 5)
               QA::Runtime::Logger.debug "has_enforced_sso_button?: #{has_button}"

qa/qa/flow/saml.rb

@@ -18,7 +18,7 @@ module QA
         end
       end
 
-      def enable_saml_sso(group, saml_idp_service)
+      def enable_saml_sso(group, saml_idp_service, default_membership_role = 'Guest')
         page.visit Runtime::Scenario.gitlab_address
 
         Page::Main::Login.perform(&:sign_in_using_credentials) unless Page::Main::Menu.perform(&:signed_in?)
@@ -29,6 +29,7 @@ module QA
           EE::Page::Group::Settings::SamlSSO.perform do |saml_sso|
             saml_sso.set_id_provider_sso_url(saml_idp_service.idp_sso_url)
             saml_sso.set_cert_fingerprint(saml_idp_service.idp_certificate_fingerprint)
+            saml_sso.set_default_membership_role(default_membership_role)
             saml_sso.click_save_changes
 
             saml_sso.user_login_url_link_text

qa/qa/specs/features/ee/browser_ui/1_manage/group/group_saml_non_enforced_sso_spec.rb

@@ -24,6 +24,27 @@ module QA
         Flow::Login.sign_in
       end
 
+      context 'when SAML SSO is configured with a default membership role' do
+        let(:user) { Resource::User.fabricate_via_api! }
+        let(:default_membership_role) { 'Developer' }
+
+        it 'adds the new member with access level as set in SAML SSO configuration' do
+          managed_group_url = Flow::Saml.enable_saml_sso(@group, @saml_idp_service, default_membership_role)
+          Page::Main::Menu.perform(&:sign_out_if_signed_in)
+
+          Flow::Login.sign_in(as: user)
+
+          page.visit managed_group_url
+          EE::Page::Group::SamlSSOSignIn.perform(&:click_sign_in)
+          Flow::Saml.login_to_idp_if_required('user3', 'user3pass')
+          expect(page).to have_content("SAML for #{@group.path} was added to your connected accounts")
+
+          member_details = @group.list_members.find { |item| item['username'] == user.username }
+
+          expect(member_details['access_level']).to eq(Resource::Members::AccessLevel::DEVELOPER)
+        end
+      end
+
       it 'User logs in to group with SAML SSO' do
         managed_group_url = Flow::Saml.enable_saml_sso(@group, @saml_idp_service)