Gemfile.lock

 PATH
   remote: .
   specs:
-    gitlab-qa (14.21.0)
+    gitlab-qa (15.0.0)
       activesupport (>= 6.1, < 7.2)
       ffi (~> 1.17)
       gitlab (~> 4.19)

docs/run_qa_against_gdk.md

@@ -54,11 +54,11 @@ If they do not match, a test will be signed out when it visits a page directly b
 **Note:** When you log into your GDK instance of GitLab for the first time, the root password requires a change.
 GitLab QA expects the default initial password to be used in tests; see all default values listed in
 [Supported GitLab environment variables](what_tests_can_be_run.md#supported-gitlab-environment-variables).
-If you have changed your root password, you must set the `GITLAB_INITIAL_ROOT_PASSWORD` environment
+If you have changed your root password, you must set the `GITLAB_ADMIN_PASSWORD` environment
 variable.
 
   ```shell
-  export GITLAB_INITIAL_ROOT_PASSWORD="<GDK root password>"
+  export GITLAB_ADMIN_PASSWORD="<GDK root password>"
   ```
 
 **Note**: If you encounter the following error, you can resolve it by unsetting the Docker host environment variable using the command `unset DOCKER_HOST`:

docs/what_tests_can_be_run.md

@@ -36,20 +36,8 @@ All environment variables used by GitLab QA should be defined in [`lib/gitlab/qa
 |-----------------------|-----------|-----------------------|----------|
 | `GITLAB_USERNAME`       | `root`  | Username to use when signing into GitLab. | Yes|
 | `GITLAB_PASSWORD`       | `5iveL!fe` | Password to use when signing into GitLab. | Yes|
-| `GITLAB_FORKER_USERNAME`|-  | Username to use for forking a project. | Yes|
-| `GITLAB_FORKER_PASSWORD`|-  | Password to use for forking a project. | Yes|
 | `GITLAB_QA_USERNAME_1`  |-  | Username available in environments where signup is disabled. | No|
 | `GITLAB_QA_PASSWORD_1`  |-  | Password for `GITLAB_QA_USERNAME_1` available in environments where signup is disabled (e.g. staging.gitlab.com). | No|
-| `GITLAB_QA_USERNAME_2`  |-  | Another username available in environments where signup is disabled. | No|
-| `GITLAB_QA_PASSWORD_2`  |-  | Password for `GITLAB_QA_USERNAME_2` available in environments where signup is disabled (e.g. staging.gitlab.com). | No|
-| `GITLAB_QA_USERNAME_3`  |-  | Another username available in environments where signup is disabled. | No|
-| `GITLAB_QA_PASSWORD_3`  |-  | Password for `GITLAB_QA_USERNAME_3` available in environments where signup is disabled (e.g. staging.gitlab.com). | No|
-| `GITLAB_QA_USERNAME_4`  |-  | Another username available in environments where signup is disabled. | No|
-| `GITLAB_QA_PASSWORD_4`  |-  | Password for `GITLAB_QA_USERNAME_4` available in environments where signup is disabled (e.g. staging.gitlab.com). | No|
-| `GITLAB_QA_USERNAME_5`  |-  | Another username available in environments where signup is disabled. | No|
-| `GITLAB_QA_PASSWORD_5`  |-  | Password for `GITLAB_QA_USERNAME_5` available in environments where signup is disabled (e.g. staging.gitlab.com). | No|
-| `GITLAB_QA_USERNAME_6`  |-  | Another username available in environments where signup is disabled. | No|
-| `GITLAB_QA_PASSWORD_6`  |-  | Password for `GITLAB_QA_USERNAME_6` available in environments where signup is disabled (e.g. staging.gitlab.com). | No|
 | `GITLAB_LDAP_USERNAME`  |-  | LDAP username to use when signing into GitLab. | No|
 | `GITLAB_LDAP_PASSWORD`  |-  | LDAP password to use when signing into GitLab. | No|
 | `GITLAB_ADMIN_USERNAME` |-  | Admin username to use when adding a license. | No|
@@ -99,7 +87,6 @@ All environment variables used by GitLab QA should be defined in [`lib/gitlab/qa
 | `DEPLOY_VERSION` |- | The version of GitLab being tested against. | No|
 | `GITLAB_QA_USER_AGENT` |- | The browser user-agent to use instead of the default Chrome user-agent. When set to the appropriate value (stored in 1Password), this allows tests to bypass certain login challenges (e.g., reCAPTCHA and ArkoseLabs). | No|
 | `GEO_FAILOVER` | `false` | Set to `true` when a Geo secondary site has been promoted to a Geo primary site. | No|
-| `GITLAB_INITIAL_ROOT_PASSWORD` | `5iveL!fe` | Initial root password for Omnibus installations | No|
 | `COLORIZED_LOGS` | `false` | Colors GitLab QA and test logs to improve readability | No|
 | `QA_DOCKER_ADD_HOSTS` |- | Comma separated list of hosts to add to /etc/hosts in docker container | No|
 | `FIPS` |- | Set to `1` or `true` to indicate that the test is running under FIPS mode | No|
@@ -841,10 +828,6 @@ GitLab project).
 
 - `GITLAB_ADMIN_PASSWORD`: The administrator user's password.
 
-- `GITLAB_QA_USERNAME_X`: The username of a pre-generated test user, where `X` is `1` to `6`.
-
-- `GITLAB_QA_PASSWORD_X`: The pre-generated test user's password.
-
 **Optional environment variables:**
 
 - `GITLAB_QA_DEV_ACCESS_TOKEN`: A valid personal access token for the
@@ -966,9 +949,9 @@ to the canary fleet.
 
 **Required by specific tests:**
 
-- `GITLAB_QA_USERNAME_X`: The username of a pre-generated test user, where `X` is `1` to `6`.
+- `GITLAB_QA_USERNAME_1`: The username of a pre-generated test user.
 
-- `GITLAB_QA_PASSWORD_X`: The pre-generated test user's password.
+- `GITLAB_QA_PASSWORD_1`: The pre-generated test user's password.
 
 **Optional environment variables:**
 

lib/gitlab/qa/runtime/env.rb

@@ -11,6 +11,8 @@ module Gitlab
         extend self
         using Rainbow
 
+        DEFAULT_ADMIN_PASSWORD = '5iveL!fe'
+
         # Variables that are used in tests and are passed through to the docker container that executes the tests.
         # These variables should be listed in /docs/what_tests_can_be_run.md#supported-gitlab-environment-variables
         # unless they're defined elsewhere (e.g.: https://docs.gitlab.com/ee/ci/variables/predefined_variables.html).
@@ -62,7 +64,6 @@ module Gitlab
           'GITLAB_ADMIN_USERNAME' => :admin_username,
           'GITLAB_FORKER_PASSWORD' => :forker_password,
           'GITLAB_FORKER_USERNAME' => :forker_username,
-          'GITLAB_INITIAL_ROOT_PASSWORD' => :initial_root_password,
           'GITLAB_LDAP_PASSWORD' => :ldap_password,
           'GITLAB_LDAP_USERNAME' => :ldap_username,
           'GITLAB_PASSWORD' => :user_password,
@@ -76,7 +77,6 @@ module Gitlab
           'GITLAB_QA_PASSWORD_2' => :gitlab_qa_password_2,
           'GITLAB_QA_USER_AGENT' => :gitlab_qa_user_agent,
           'GITLAB_QA_USERNAME_1' => :gitlab_qa_username_1,
-          'GITLAB_QA_USERNAME_2' => :gitlab_qa_username_2,
           'GITLAB_SANDBOX_NAME' => :gitlab_sandbox_name,
           'GITLAB_TLS_CERTIFICATE' => :gitlab_tls_certificate,
           'GITLAB_URL' => :gitlab_url,
@@ -187,6 +187,10 @@ module Gitlab
           qa_variables.merge(defined_variables)
         end
 
+        def admin_password
+          ENV['GITLAB_ADMIN_PASSWORD'] || DEFAULT_ADMIN_PASSWORD
+        end
+
         # Variables that should be masked
         #
         # @return [Array] the values of the variables that should be masked
@@ -231,10 +235,6 @@ module Gitlab
           env_var_name_if_defined('GITLAB_QA_DEV_ACCESS_TOKEN')
         end
 
-        def initial_root_password
-          env_var_value_if_defined('GITLAB_INITIAL_ROOT_PASSWORD') || '5iveL!fe'
-        end
-
         def host_artifacts_dir
           @host_artifacts_dir ||= File.join(
             env_var_value_if_defined('QA_ARTIFACTS_DIR') || '/tmp/gitlab-qa', Runtime::Env.run_id
@@ -333,22 +333,6 @@ module Gitlab
           raise ArgumentError, "Please provide CLOUD_CONNECTOR_BASE_URL"
         end
 
-        def require_initial_password!
-          return unless env_var_value_if_defined('GITLAB_INITIAL_ROOT_PASSWORD').to_s.strip.empty?
-
-          raise(
-            ArgumentError,
-            "Environment variable GITLAB_INITIAL_ROOT_PASSWORD must be provided to set an initial root password."
-          )
-        end
-
-        def override_default_password!
-          require_initial_password!
-
-          ENV['GITLAB_PASSWORD'] = initial_root_password
-          ENV['GITLAB_ADMIN_PASSWORD'] = initial_root_password
-        end
-
         def skip_pull?
           enabled?(env_var_value_if_defined('QA_SKIP_PULL'), default: false)
         end

lib/gitlab/qa/runtime/omnibus_configurations/default.rb

@@ -12,7 +12,7 @@ module Gitlab
               gitlab_rails['gitlab_default_theme'] = 10 # Light Red Theme
               gitlab_rails['gitlab_disable_animations'] = true # Disable animations
               gitlab_rails['application_settings_cache_seconds'] = 0 # Settings cache expiry
-              gitlab_rails['initial_root_password'] = '#{Runtime::Env.initial_root_password}' # Initial root password
+              gitlab_rails['initial_root_password'] = '#{Runtime::Env.admin_password}' # Initial root password
             OMNIBUS
           end
 

lib/gitlab/qa/scenario/test/integration/import_with_smtp.rb

@@ -10,9 +10,9 @@ module Gitlab
             attr_reader :orchestrate_mail_hog_server
 
             def initialize
+              super
               @spec_suite = 'Test::Integration::ImportWithSMTP'
               @orchestrate_mail_hog_server = true
-              super
             end
 
             def configure_omnibus(gitlab, mail_hog)

lib/gitlab/qa/scenario/test/integration/mtls.rb

@@ -16,60 +16,55 @@ module Gitlab
             end
 
             def perform(release, *rspec_args)
-              # You can create 2 networks with the same 'human friendly' name if you run network create in parallel
-              # However this causes 'ambiguous network' errors, so lets just create network manually earlier
-              # see https://github.com/moby/moby/issues/18864#issuecomment-167006094
-              # and also api docs https://github.com/moby/moby/blob/master/docs/api/v1.42.yaml#L9932-L9941
-              docker = Docker::Engine.new
-              docker.network_create(@network) unless docker.network_exists?(@network)
-
-              gitaly_thread = Thread.new do
-                Thread.current.abort_on_exception = true
-                @gitaly_node = Component::Gitlab.perform do |gitaly|
-                  gitaly.release = QA::Release.new(release)
-                  gitaly.name = @gitaly_name
-                  gitaly.network = @network
-                  gitaly.skip_availability_check = true
-                  gitaly.seed_admin_token = false
-
-                  gitaly.omnibus_configuration << gitaly_omnibus
-                  gitaly.gitaly_tls = true
-
-                  gitaly.instance(skip_teardown: true)
-                end
-              end
+              gitaly_node = gitaly_node(release)
+              gitaly_node.instance(skip_teardown: true)
 
               Component::Gitlab.perform do |gitlab|
                 gitlab.release = QA::Release.new(release)
                 gitlab.name = @gitlab_name
                 gitlab.network = @network
-
-                gitlab.omnibus_configuration << gitlab_omnibus
+                gitlab.omnibus_configuration << gitlab_omnibus_config
                 gitlab.tls = true
 
                 gitlab.instance do
-                  gitaly_thread.join
                   Runtime::Logger.info("Running mTLS specs!")
-
-                  if @tag
-                    rspec_args << "--" unless rspec_args.include?('--')
-                    rspec_args << "--tag" << @tag
-                  end
-
-                  Component::Specs.perform do |specs|
-                    specs.suite = @spec_suite
-                    specs.release = gitlab.release
-                    specs.network = gitlab.network
-                    specs.args = [gitlab.address, *rspec_args]
-                    specs.env = @env
-                  end
+                  run_mtls_specs(gitlab, *rspec_args)
                 end
               end
-            ensure
-              @gitaly_node&.teardown
+              gitaly_node.teardown
+            end
+
+            private
+
+            def gitaly_node(release)
+              Component::Gitlab.new.tap do |gitaly|
+                gitaly.release = QA::Release.new(release)
+                gitaly.name = @gitaly_name
+                gitaly.network = @network
+                gitaly.skip_availability_check = true
+                gitaly.seed_admin_token = false
+
+                gitaly.omnibus_configuration << gitaly_omnibus_config
+                gitaly.gitaly_tls = true
+              end
+            end
+
+            def run_mtls_specs(gitlab, *rspec_args)
+              if @tag
+                rspec_args << "--" unless rspec_args.include?('--')
+                rspec_args << "--tag" << @tag
+              end
+
+              Component::Specs.perform do |specs|
+                specs.suite = @spec_suite
+                specs.release = gitlab.release
+                specs.network = gitlab.network
+                specs.args = [gitlab.address, *rspec_args]
+                specs.env = @env
+              end
             end
 
-            def gitlab_omnibus
+            def gitlab_omnibus_config
               <<~OMNIBUS
                 gitaly['enable'] = false;
 
@@ -85,7 +80,7 @@ module Gitlab
               OMNIBUS
             end
 
-            def gitaly_omnibus
+            def gitaly_omnibus_config
               <<~OMNIBUS
                 gitaly['configuration'] = {
                   auth: {

lib/gitlab/qa/version.rb

@@ -2,6 +2,6 @@
 
 module Gitlab
   module QA
-    VERSION = '14.21.0'
+    VERSION = '15.0.0'
   end
 end

rubocop/cop/gitlab/dangerous_interpolation.rb

@@ -67,7 +67,6 @@ module RuboCop
           'GCLOUD_REGION' => :gcloud_region,
           'SIGNUP_DISABLED' => :signup_disabled,
           'GITLAB_QA_USERNAME_1' => :gitlab_qa_username_1,
-          'GITLAB_QA_USERNAME_2' => :gitlab_qa_username_2,
           'QA_GITHUB_USERNAME' => :qa_github_username,
           'QA_GITLAB_HOSTNAME' => :qa_gitlab_hostname,
           'QA_GITLAB_USE_TLS' => :qa_gitlab_use_tls,
@@ -107,7 +106,6 @@ module RuboCop
           'CACHE_NAMESPACE_NAME' => :cache_namespace_name,
           'GITLAB_QA_USER_AGENT' => :gitlab_qa_user_agent,
           'GEO_FAILOVER' => :geo_failover,
-          'GITLAB_INITIAL_ROOT_PASSWORD' => :initial_root_password,
           'GITLAB_TLS_CERTIFICATE' => :gitlab_tls_certificate,
           'AWS_S3_REGION' => :aws_s3_region,
           'AWS_S3_KEY_ID' => :aws_s3_key_id,

spec/gitlab/qa/runtime/env_spec.rb

@@ -161,15 +161,13 @@ describe Gitlab::QA::Runtime::Env do
     end
 
     it 'returns only these delegated variables that are set' do
-      expect(described_class.variables).to include({ 'GITLAB_INITIAL_ROOT_PASSWORD' => '5iveL!fe',
-                                                     'GITLAB_USERNAME' => '$GITLAB_USERNAME' })
+      expect(described_class.variables).to include({ 'GITLAB_USERNAME' => '$GITLAB_USERNAME' })
     end
 
     it 'prefers environment variables to defined values' do
       described_class.user_username = 'tanuki'
 
-      expect(described_class.variables).to include({ 'GITLAB_INITIAL_ROOT_PASSWORD' => '5iveL!fe',
-                                                     'GITLAB_USERNAME' => '$GITLAB_USERNAME' })
+      expect(described_class.variables).to include({ 'GITLAB_USERNAME' => '$GITLAB_USERNAME' })
     end
 
     it 'returns values that have been overriden' do
@@ -177,8 +175,7 @@ describe Gitlab::QA::Runtime::Env do
       described_class.user_type = 'ldap'
       described_class.gitlab_url = 'http://localhost:9999'
 
-      expect(described_class.variables).to include({ 'GITLAB_INITIAL_ROOT_PASSWORD' => '5iveL!fe',
-                                                     'GITLAB_USERNAME' => '$GITLAB_USERNAME',
+      expect(described_class.variables).to include({ 'GITLAB_USERNAME' => '$GITLAB_USERNAME',
                                                      'GITLAB_PASSWORD' => 'tanuki',
                                                      'GITLAB_USER_TYPE' => 'ldap',
                                                      'GITLAB_URL' => 'http://localhost:9999' })