diff --git a/.gitlab/ci/test-on-cng/main.gitlab-ci.yml b/.gitlab/ci/test-on-cng/main.gitlab-ci.yml
index 8ad7628c49c419a2bad5971b227642e67fa848f5..0785e5b9f7f539794e8fffd30cf1599c201e1561 100644
--- a/.gitlab/ci/test-on-cng/main.gitlab-ci.yml
+++ b/.gitlab/ci/test-on-cng/main.gitlab-ci.yml
@@ -184,6 +184,18 @@ cng-relative-url:
 QA_RELATIVE_URL_ROOT: "/relative"
 EXTRA_DEPLOY_VALUES: "--set global.appConfig.relativeUrlRoot=${QA_RELATIVE_URL_ROOT}"
+cng-oauth:
+ extends:
+ - .cng-test
+ variables:
+ QA_SCENARIO: Test::Instance::All
+ QA_RSPEC_TAGS: --tag oauth
+ QA_RUN_IN_PARALLEL: "false"
+ QA_GITHUB_OAUTH_APP_ID: $QA_GITHUB_OAUTH_APP_ID
+ QA_GITHUB_OAUTH_APP_SECRET: $QA_GITHUB_OAUTH_APP_SECRET
+ rules:
+ - if: $QA_SUITES =~ /Test::Integration::OAuth/
+
 # ==========================================
 # Post test stage
 # ==========================================
diff --git a/qa/gems/gitlab-orchestrator/lib/gitlab/orchestrator/lib/deployment/configurations/kind.rb b/qa/gems/gitlab-orchestrator/lib/gitlab/orchestrator/lib/deployment/configurations/kind.rb
index 67efc8e81c250a5a1877b87bc3368d150e865e99..52d5251734972805d5d3c1aac76ba6edeee5b292 100644
--- a/qa/gems/gitlab-orchestrator/lib/gitlab/orchestrator/lib/deployment/configurations/kind.rb
+++ b/qa/gems/gitlab-orchestrator/lib/gitlab/orchestrator/lib/deployment/configurations/kind.rb
@@ -20,6 +20,8 @@ class Kind < Base
 exit 1
 fi
 SH
+ # @return [String] secret name for OAuth provider
+ OAUTH_SECRET_NAME = "gitlab-oauth-github"
 # Instance of kind deployment configuration
 #
@@ -50,6 +52,7 @@ def initialize(**args)
 def run_pre_deployment_setup
 create_initial_root_password
 create_pre_receive_hook
+ create_oauth_secret
 end
 # Run post-deployment setup
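Review bot: The two `QA_GITHUB_OAUTH_APP_*` entries under `variables:` in `cng-oauth` map each name to itself, so the job still depends entirely on CI/CD variables defined outside this file and nothing here says where they come from. If they are project- or group-level variables they are presumably injected into the job already, in which case these lines add nothing. If they are marked protected, a pipeline on an unprotected ref that matches the `rules:` regex would run the job without usable credentials. I would add a comment above them such as `# Masked CI/CD variables from project settings; not available on unprotected refs if marked protected`, or drop the two lines if no forwarding is needed.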
@@ -195,6 +198,34 @@ def patch_registry_svc_port
 }.to_json
 puts kubeclient.patch('svc', 'gitlab-registry', patch_data)
 end
+
+ # Create OAuth provider secret
+ #
+ # @return [void]
+ def create_oauth_secret
+ return unless oauth_enabled?
+
+ log("Creating OAuth provider secret", :info)
+
+ provider_config = <<~YAML
+ name: 'github'
+ app_id: '#{ENV['QA_GITHUB_OAUTH_APP_ID']}'
+ app_secret: '#{ENV['QA_GITHUB_OAUTH_APP_SECRET']}'
+ args:
+ scope: 'user:email'
+ YAML
+
+ secret = Kubectl::Resources::Secret.new(OAUTH_SECRET_NAME, "provider", provider_config)
+ secrets_to_mask = [ENV['QA_GITHUB_OAUTH_APP_ID'], ENV['QA_GITHUB_OAUTH_APP_SECRET']]
+ puts mask_secrets(kubeclient.create_resource(secret), secrets_to_mask)
+ end
+
+ # Check if OAuth is enabled
+ #
+ # @return [Boolean]
+ def oauth_enabled?
+ ENV['QA_RSPEC_TAGS']&.include?('oauth')
+ end
 end
 end
 end
diff --git a/qa/gems/gitlab-orchestrator/lib/gitlab/orchestrator/lib/deployment/default_values.rb b/qa/gems/gitlab-orchestrator/lib/gitlab/orchestrator/lib/deployment/default_values.rb
index 102248ab5db1e6fccd43a538cc2b5c53bd399eea..162011d3b0628f8510765b5428ea943c2ad73f46 100644
--- a/qa/gems/gitlab-orchestrator/lib/gitlab/orchestrator/lib/deployment/default_values.rb
+++ b/qa/gems/gitlab-orchestrator/lib/gitlab/orchestrator/lib/deployment/default_values.rb
@@ -32,7 +32,8 @@ def common_values(domain)
 applicationSettingsCacheSeconds: 0,
 dependencyProxy: {
 enabled: true
- }
+ },
+ omniauth: (oauth_config if ENV['QA_RSPEC_TAGS']&.include?('oauth'))
 }
 },
 postgresql: {
@@ -54,7 +55,7 @@ def common_values(domain)
 prometheus: { install: false },
 "gitlab-runner": { install: false },
 installCertmanager: false
- }
+ }.delete_if { |_k, v| v.nil? }
 end
 # Key value pairs for ci specific component version values
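Review bot: `create_oauth_secret` interpolates `ENV['QA_GITHUB_OAUTH_APP_ID']` and `ENV['QA_GITHUB_OAUTH_APP_SECRET']` straight into single-quoted YAML scalars without checking that either is set. An unset variable interpolates as an empty string, so the secret is created with blank credentials and the failure only shows up later in the OAuth spec. `secrets_to_mask` then also holds `nil`, and how `mask_secrets` (defined outside this hunk) treats that is not visible here. A value containing `'` or a newline would also change the structure of the document. I would fail fast on missing values and serialise a hash instead, as below; this assumes `yaml` is already loaded in this file, as `to_json` evidently is.

```ruby
def create_oauth_secret
  return unless oauth_enabled?

  app_id = ENV['QA_GITHUB_OAUTH_APP_ID'].to_s
  app_secret = ENV['QA_GITHUB_OAUTH_APP_SECRET'].to_s
  if app_id.empty? || app_secret.empty?
    raise "QA_GITHUB_OAUTH_APP_ID and QA_GITHUB_OAUTH_APP_SECRET must be set when the oauth tag is selected"
  end

  # ... unchanged: log call ...

  # Serialise a hash so quotes or newlines in a value cannot change the document structure
  provider_config = {
    'name' => 'github',
    'app_id' => app_id,
    'app_secret' => app_secret,
    'args' => { 'scope' => 'user:email' }
  }.to_yaml

  # ... unchanged: Secret.new(OAUTH_SECRET_NAME, "provider", provider_config) ...
  puts mask_secrets(kubeclient.create_resource(secret), [app_id, app_secret])
end
```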
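Review bot: The condition `ENV['QA_RSPEC_TAGS']&.include?('oauth')` on the new `omniauth:` line is a substring test on the raw tag string, so it is also true for an exclusion such as `--tag ~oauth` or for any tag that merely contains `oauth`. The same expression is written a second time in `oauth_enabled?` in kind.rb. If the two copies drift, the chart values can reference a secret that the pre-deployment step never created, or the reverse. I would keep one predicate that both files call and match whole tags, for example `ENV['QA_RSPEC_TAGS'].to_s.split.each_cons(2).any? { |flag, tag| flag == '--tag' && tag == 'oauth' }`, assuming the `--tag NAME` form used in the CI job. `common_values` starts and ends outside this hunk.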
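Review bot: `.delete_if { |_k, v| v.nil? }` only inspects the top-level keys of the hash returned by `common_values`, while the value that can be `nil` is `omniauth`, which the previous hunk adds inside a nested hash (two closing braces follow it before `postgresql:`). When the tag is absent, `omniauth: nil` therefore appears to survive and would be serialised as a null in the Helm values, which may override the chart's defaults for that key rather than leave them untouched. Dropping the key where it is introduced is more direct: close that inner hash with `}.compact` and leave the outer hash as it was. The rest of `common_values` is outside this hunk, so the nesting is inferred from the visible braces.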
@@ -98,6 +99,20 @@ def with_semver_prefix(version)
 "v#{version}"
 end
+
+ def oauth_config
+ {
+ enabled: true,
+ allowSingleSignOn: ['github'],
+ blockAutoCreatedUsers: false,
+ providers: [
+ {
+ secret: 'gitlab-oauth-github',
+ key: 'provider'
+ }
+ ]
+ }
+ end
 end
 end
 end
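Review bot: `oauth_config` repeats the literals `'gitlab-oauth-github'` and `'provider'`, which kind.rb already holds as `OAUTH_SECRET_NAME` and as the second argument to `Secret.new`. If either side is renamed, the chart values will point at a secret or key that was never created. I would reference one shared constant for the secret name and add one for the key. The method also has no doc comment, unlike the methods added in kind.rb; something like `# OmniAuth chart values for the GitHub provider used by OAuth e2e tests` with `# @return [Hash]` would fit. That comment is also the place to note that `blockAutoCreatedUsers: false` lets any account that authenticates with the provider become an active user, so these values suit disposable test deployments only.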