Add latest changes from gitlab-org/gitlab@master

app/helpers/ci/variables_helper.rb

@@ -32,14 +32,6 @@ module Ci
       end
     end
 
-    def ci_variable_masked?(variable, only_key_value)
-      if variable && !only_key_value
-        variable.masked
-      else
-        false
-      end
-    end
-
     def ci_variable_maskable_raw_regex
       Ci::Maskable::MASK_AND_RAW_REGEX.inspect.sub('\\A', '^').sub('\\z', '$')[1...-1]
     end

app/models/integrations/google_play.rb

@@ -18,19 +18,25 @@ module Integrations
     field :package_name,
       section: SECTION_TYPE_CONNECTION,
       placeholder: 'com.example.myapp',
+      description: -> { _('Package name of the app in Google Play.') },
       required: true
 
     field :service_account_key_file_name,
       section: SECTION_TYPE_CONNECTION,
-      required: true
+      required: true,
+      description: -> { _('File name of the Google Play service account key.') }
 
-    field :service_account_key, api_only: true
+    field :service_account_key,
+      required: true,
+      description: -> { _('Google Play service account key.') },
+      api_only: true
 
     field :google_play_protected_refs,
       type: :checkbox,
       section: SECTION_TYPE_CONFIGURATION,
       title: -> { s_('GooglePlayStore|Protected branches and tags only') },
-      checkbox_label: -> { s_('GooglePlayStore|Only set variables on protected branches and tags') }
+      description: -> { _('Set variables on protected branches and tags only.') },
+      checkbox_label: -> { s_('GooglePlayStore|Set variables on protected branches and tags only') }
 
     def self.title
       s_('GooglePlay|Google Play')
@@ -48,10 +54,10 @@ module Integrations
 
       # rubocop:disable Layout/LineLength
       texts = [
-        s_("Use the Google Play integration to connect to Google Play with fastlane in CI/CD pipelines."),
-        s_("After you enable the integration, the following protected variable is created for CI/CD use:"),
+        s_("Use this integration to connect to Google Play with fastlane in CI/CD pipelines."),
+        s_("After you enable the integration, the following protected variables are created for CI/CD use:"),
         variable_list.join('<br>'),
-        s_(format("To generate a Google Play service account key and use this integration, see the <a href='%{url}' target='_blank'>integration documentation</a>.", url: Rails.application.routes.url_helpers.help_page_url('user/project/integrations/google_play'))).html_safe
+        s_(format("For more information, see the <a href='%{url}' target='_blank'>documentation</a>.", url: Rails.application.routes.url_helpers.help_page_url('user/project/integrations/google_play'))).html_safe
       ]
       # rubocop:enable Layout/LineLength
 

doc/api/integrations.md

@@ -803,6 +803,41 @@ Get the Google Chat integration settings for a project.
 GET /projects/:id/integrations/hangouts-chat
 ```
 
+## Google Play
+
+### Set up Google Play
+
+Set up the Google Play integration for a project.
+
+```plaintext
+PUT /projects/:id/integrations/google-play
+```
+
+Parameters:
+
+| Parameter | Type | Required | Description |
+| --------- | ---- | -------- | ----------- |
+| `package_name` | string | true | Package name of the app in Google Play. |
+| `service_account_key` | string | true | Google Play service account key. |
+| `service_account_key_file_name` | string | true | File name of the Google Play service account key. |
+| `google_play_protected_refs` | boolean | false | Set variables on protected branches and tags only. |
+
+### Disable Google Play
+
+Disable the Google Play integration for a project. Integration settings are reset.
+
+```plaintext
+DELETE /projects/:id/integrations/google-play
+```
+
+### Get Google Play settings
+
+Get the Google Play integration settings for a project.
+
+```plaintext
+GET /projects/:id/integrations/google-play
+```
+
 ## irker (IRC gateway)
 
 ### Set up irker

doc/development/testing_guide/end_to_end/running_tests_that_require_special_setup.md

@@ -303,6 +303,75 @@ Geo requires an EE license. To visit the Geo sites in your browser, you need a r
 - You can increase the wait time for replication by setting `GEO_MAX_FILE_REPLICATION_TIME` and `GEO_MAX_DB_REPLICATION_TIME`. The default is 120 seconds.
 - To save time during tests, create a Personal Access Token with API access on the Geo primary node, and pass that value in as `GITLAB_QA_ACCESS_TOKEN` and `GITLAB_QA_ADMIN_ACCESS_TOKEN`.
 
+## Group SAML Tests
+
+Tests that are tagged with `:group_saml` meta are orchestrated tests where the user accesses a group via SAML SSO.
+
+These tests depend on a SAML IDP Docker container ([jamedjo/test-SAML-idp](https://hub.docker.com/r/jamedjo/test-saml-idp)). The tests spin up the container themselves.
+
+To run these tests on your computer against the GDK:
+
+1. Add these settings to your `gitlab.yml` file:
+
+   ```yaml
+   omniauth:
+     enabled: true
+     providers:
+       - { name: 'group_saml' }
+   ```
+
+1. Run a group SAML test from [`gitlab/qa`](https://gitlab.com/gitlab-org/gitlab/-/tree/d5447ebb5f99d4c72780681ddf4dc25b0738acba/qa) directory:
+
+   ```shell
+   QA_DEBUG=true CHROME_HEADLESS=false bundle exec bin/qa Test::Instance::All http://localhost:3000 qa/specs/features/ee/browser_ui/1_manage/group/group_saml_enforced_sso_spec.rb -- --tag orchestrated
+   ```
+
+For instructions on how to run these tests using the `gitlab-qa` gem, refer to [the GitLab QA documentation](https://gitlab.com/gitlab-org/gitlab-qa/-/blob/master/docs/what_tests_can_be_run.md#testintegrationgroupsaml-eefull-image-address).
+
+## Instance SAML Tests
+
+Tests that are tagged with `:instance_saml` meta are orchestrated tests where the instance level sign-in happens using SAML SSO.
+
+These tests require a SAML IDP Docker container ([jamedjo/test-SAML-idp](https://hub.docker.com/r/jamedjo/test-saml-idp)) to be configured and running.
+
+To run these tests on your computer against the GDK:
+
+1. Add these settings to your `gitlab.yml` file:
+
+   ```yaml
+   omniauth:
+     enabled: true
+     allow_single_sign_on: ["saml"]
+     block_auto_created_users: false
+     auto_link_saml_user: true
+     providers:
+       - { name: 'saml',
+         args: {
+         assertion_consumer_service_url: 'http://gdk.test:3000/users/auth/saml/callback',
+         idp_cert_fingerprint: '11:9b:9e:02:79:59:cd:b7:c6:62:cf:d0:75:d9:e2:ef:38:4e:44:5f',
+         idp_sso_target_url: 'https://gdk.test:8443/simplesaml/saml2/idp/SSOService.php',
+         issuer: 'http://gdk.test:3000',
+         name_identifier_format: 'urn:oasis:names:tc:SAML:2.0:nameid-format:persistent'
+       } }
+   ```
+
+1. Start the SAML IDP Docker container:
+
+   ```shell
+   docker run --name=group_saml_qa_idp -p 8080:8080 -p 8443:8443 \
+   -e SIMPLESAMLPHP_SP_ENTITY_ID=http://localhost:3000 \
+   -e SIMPLESAMLPHP_SP_ASSERTION_CONSUMER_SERVICE=http://localhost:3000/users/auth/saml/callback \
+   -d jamedjo/test-saml-idp
+   ```
+
+1. Run the test from [`gitlab/qa`](https://gitlab.com/gitlab-org/gitlab/-/tree/d5447ebb5f99d4c72780681ddf4dc25b0738acba/qa) directory:
+
+   ```shell
+   QA_DEBUG=true CHROME_HEADLESS=false bundle exec bin/qa Test::Instance::All http://localhost:3000 qa/specs/features/browser_ui/1_manage/login/login_via_instance_wide_saml_sso_spec.rb -- --tag orchestrated
+   ```
+
+For instructions on how to run these tests using the `gitlab-qa` gem, refer to [the GitLab QA documentation](https://gitlab.com/gitlab-org/gitlab-qa/-/blob/master/docs/what_tests_can_be_run.md#testintegrationinstancesaml-ceeefull-image-address).
+
 ## LDAP Tests
 
 Tests that are tagged with `:ldap_tls` and `:ldap_no_tls` meta are orchestrated tests where the sign-in happens via LDAP.

lib/api/helpers/integrations_helpers.rb

@@ -325,32 +325,7 @@ module API
               desc: 'The URL of the external wiki'
             }
           ],
-          'google-play' => [
-            {
-              required: true,
-              name: :package_name,
-              type: String,
-              desc: 'The package name of the app in Google Play'
-            },
-            {
-              required: true,
-              name: :service_account_key,
-              type: String,
-              desc: 'The Google Play service account key'
-            },
-            {
-              required: true,
-              name: :service_account_key_file_name,
-              type: String,
-              desc: 'The filename of the Google Play service account key'
-            },
-            {
-              required: false,
-              name: :google_play_protected_refs,
-              type: ::Grape::API::Boolean,
-              desc: 'Only enable for protected refs'
-            }
-          ],
+          'google-play' => ::Integrations::GooglePlay.api_fields,
           'hangouts-chat' => [
             {
               required: true,

locale/gitlab.pot

@@ -4454,9 +4454,6 @@ msgstr ""
 msgid "After the report is generated, an email will be sent with the report attached."
 msgstr ""
 
-msgid "After you enable the integration, the following protected variable is created for CI/CD use:"
-msgstr ""
-
 msgid "After you enable the integration, the following protected variables are created for CI/CD use:"
 msgstr ""
 
@@ -20910,6 +20907,9 @@ msgstr ""
 msgid "File name"
 msgstr ""
 
+msgid "File name of the Google Play service account key."
+msgstr ""
+
 msgid "File permissions"
 msgstr ""
 
@@ -22908,6 +22908,9 @@ msgstr ""
 msgid "Google Cloud authorizations required"
 msgstr ""
 
+msgid "Google Play service account key."
+msgstr ""
+
 msgid "GoogleCloud|Cancel"
 msgstr ""
 
@@ -22944,10 +22947,10 @@ msgstr ""
 msgid "GoogleCloud|Revoke authorizations granted to GitLab. This does not invalidate service accounts."
 msgstr ""
 
-msgid "GooglePlayStore|Only set variables on protected branches and tags"
+msgid "GooglePlayStore|Protected branches and tags only"
 msgstr ""
 
-msgid "GooglePlayStore|Protected branches and tags only"
+msgid "GooglePlayStore|Set variables on protected branches and tags only"
 msgstr ""
 
 msgid "GooglePlay|Drag your key file here or %{linkStart}click to upload%{linkEnd}."
@@ -34195,6 +34198,9 @@ msgstr ""
 msgid "Package file size limits"
 msgstr ""
 
+msgid "Package name of the app in Google Play."
+msgstr ""
+
 msgid "Package recipe already exists"
 msgstr ""
 
@@ -45440,6 +45446,9 @@ msgstr ""
 msgid "Set up your project to automatically push and/or pull changes to/from another repository. Branches, tags, and commits will be synced automatically."
 msgstr ""
 
+msgid "Set variables on protected branches and tags only."
+msgstr ""
+
 msgid "Set weight"
 msgstr ""
 
@@ -52792,9 +52801,6 @@ msgstr ""
 msgid "Use the %{strongStart}Test%{strongEnd} option above to create an event."
 msgstr ""
 
-msgid "Use the Google Play integration to connect to Google Play with fastlane in CI/CD pipelines."
-msgstr ""
-
 msgid "Use the link below to confirm your email address (%{email})"
 msgstr ""
 
@@ -52807,6 +52813,9 @@ msgstr ""
 msgid "Use the search bar on the top of this page"
 msgstr ""
 
+msgid "Use this integration to connect to Google Play with fastlane in CI/CD pipelines."
+msgstr ""
+
 msgid "Use this integration to connect to the Apple App Store with fastlane in CI/CD pipelines."
 msgstr ""
 

spec/helpers/ci/variables_helper_spec.rb

@@ -42,23 +42,6 @@ RSpec.describe Ci::VariablesHelper, feature_category: :secrets_management do
     end
   end
 
-  describe '#ci_variable_masked?' do
-    let(:variable) { build_stubbed(:ci_variable, key: 'test_key', value: 'test_value', masked: true) }
-
-    context 'when variable is provided and only_key_value is false' do
-      it 'expect ci_variable_masked? to return true' do
-        expect(helper.ci_variable_masked?(variable, false)).to eq(true)
-      end
-    end
-
-    context 'when variable is not provided / provided and only_key_value is true' do
-      it 'expect ci_variable_masked? to return false' do
-        expect(helper.ci_variable_masked?(nil, true)).to eq(false)
-        expect(helper.ci_variable_masked?(variable, true)).to eq(false)
-      end
-    end
-  end
-
   describe '#ci_variable_maskable_raw_regex' do
     it 'converts to a javascript regex' do
       expect(helper.ci_variable_maskable_raw_regex).to eq("^\\S{8,}$")