Merge branch 'extract-vulnerable-from-group' into 'master'

Extract vulnerabilities fetch methods from Group See merge request gitlab-org/gitlab-ee!14472

Merge branch 'extract-vulnerable-from-group' into 'master'
Extract vulnerabilities fetch methods from Group See merge request gitlab-org/gitlab-ee!14472
016f998a · Bob Van Landuyt · d1b8f640 · 3e127ae6 · 016f998a · 016f998a
Commit 016f998a authored Jul 09, 2019 by Bob Van Landuyt
4 changed files
--- a/ee/app/models/concerns/vulnerable.rb
+++ b/ee/app/models/concerns/vulnerable.rb
+# frozen_string_literal: true
+
+module Vulnerable
+  def latest_vulnerabilities
+    Vulnerabilities::Occurrence
+      .for_pipelines(all_pipelines.with_vulnerabilities.latest_successful_ids_per_project)
+  end
+
+  def latest_vulnerabilities_with_sha
+    Vulnerabilities::Occurrence
+      .for_pipelines_with_sha(all_pipelines.with_vulnerabilities.latest_successful_ids_per_project)
+  end
+
+  def all_vulnerabilities
+    Vulnerabilities::Occurrence
+      .for_pipelines(all_pipelines.with_vulnerabilities.success)
+  end
+end
--- a/ee/app/models/ee/group.rb
+++ b/ee/app/models/ee/group.rb
@@ -10,6 +10,7 @@ module EE
    extend ::Gitlab::Utils::Override

    prepended do
+      include Vulnerable
      include TokenAuthenticatable
      include InsightsFeature

@@ -108,21 +109,6 @@ module EE
      end
    end

-    def latest_vulnerabilities
-      Vulnerabilities::Occurrence
-        .for_pipelines(all_pipelines.with_vulnerabilities.latest_successful_ids_per_project)
-    end
-
-    def latest_vulnerabilities_with_sha
-      Vulnerabilities::Occurrence
-        .for_pipelines_with_sha(all_pipelines.with_vulnerabilities.latest_successful_ids_per_project)
-    end
-
-    def all_vulnerabilities
-      Vulnerabilities::Occurrence
-        .for_pipelines(all_pipelines.with_vulnerabilities.success)
-    end
-
    def human_ldap_access
      ::Gitlab::Access.options_with_owner.key(ldap_access)
    end

--- a/ee/spec/models/group_spec.rb
+++ b/ee/spec/models/group_spec.rb
@@ -3,6 +3,10 @@ require 'spec_helper'
 describe Group do
  let(:group) { create(:group) }

+  it_behaves_like Vulnerable do
+    let(:vulnerable) { group }
+  end
+
  it { is_expected.to include_module(EE::Group) }

  describe 'associations' do
@@ -291,91 +295,6 @@ describe Group do
    end
  end

-  describe 'Vulnerabilities::Occurrence collection methods' do
-    describe 'vulnerabilities finder methods' do
-      let(:project) { create(:project, namespace: group) }
-      let(:external_project) { create(:project) }
-      let(:failed_pipeline) { create(:ci_pipeline, :failed, project: project) }
-
-      let!(:old_vuln) { create_vulnerability(project) }
-      let!(:new_vuln) { create_vulnerability(project) }
-      let!(:external_vuln) { create_vulnerability(external_project) }
-      let!(:failed_vuln) { create_vulnerability(project, failed_pipeline) }
-
-      before do
-        pipeline_ran_against_new_sha = create(:ci_pipeline, :success, project: project, sha: '123')
-        new_vuln.pipelines << pipeline_ran_against_new_sha
-      end
-
-      def create_vulnerability(project, pipeline = nil)
-        pipeline ||= create(:ci_pipeline, :success, project: project)
-        create(:vulnerabilities_occurrence, pipelines: [pipeline], project: project)
-      end
-
-      describe '#latest_vulnerabilities' do
-        subject { group.latest_vulnerabilities }
-
-        it 'returns vulns only for the latest successful pipelines of projects belonging to the group' do
-          is_expected.to contain_exactly(new_vuln)
-        end
-
-        context 'with vulnerabilities from other branches' do
-          let!(:branch_pipeline) { create(:ci_pipeline, :success, project: project, ref: 'feature-x') }
-          let!(:branch_vuln) { create(:vulnerabilities_occurrence, pipelines: [branch_pipeline], project: project) }
-
-          # TODO: This should actually fail and we must scope vulns
-          # per branch as soon as we store them for other branches
-          # Dependent on https://gitlab.com/gitlab-org/gitlab-ee/issues/9524
-          it 'includes vulnerabilities from all branches' do
-            is_expected.to contain_exactly(branch_vuln)
-          end
-        end
-      end
-
-      describe '#latest_vulnerabilities_with_sha' do
-        subject { group.latest_vulnerabilities_with_sha }
-
-        it 'returns vulns only for the latest successful pipelines of projects belonging to the group' do
-          is_expected.to contain_exactly(new_vuln)
-        end
-
-        it { is_expected.to all(respond_to(:sha)) }
-
-        context 'with vulnerabilities from other branches' do
-          let!(:branch_pipeline) { create(:ci_pipeline, :success, project: project, ref: 'feature-x') }
-          let!(:branch_vuln) { create(:vulnerabilities_occurrence, pipelines: [branch_pipeline], project: project) }
-
-          # TODO: This should actually fail and we must scope vulns
-          # per branch as soon as we store them for other branches
-          # Dependent on https://gitlab.com/gitlab-org/gitlab-ee/issues/9524
-          it 'includes vulnerabilities from all branches' do
-            is_expected.to contain_exactly(branch_vuln)
-          end
-        end
-      end
-
-      describe '#all_vulnerabilities' do
-        subject { group.all_vulnerabilities }
-
-        it 'returns vulns for all successful pipelines of projects belonging to the group' do
-          is_expected.to contain_exactly(old_vuln, new_vuln, new_vuln)
-        end
-
-        context 'with vulnerabilities from other branches' do
-          let!(:branch_pipeline) { create(:ci_pipeline, :success, project: project, ref: 'feature-x') }
-          let!(:branch_vuln) { create(:vulnerabilities_occurrence, pipelines: [branch_pipeline], project: project) }
-
-          # TODO: This should actually fail and we must scope vulns
-          # per branch as soon as we store them for other branches
-          # Dependent on https://gitlab.com/gitlab-org/gitlab-ee/issues/9524
-          it 'includes vulnerabilities from all branches' do
-            is_expected.to contain_exactly(old_vuln, new_vuln, new_vuln, branch_vuln)
-          end
-        end
-      end
-    end
-  end
-
  describe '#group_project_template_available?' do
    subject { group.group_project_template_available? }


--- a/ee/spec/support/shared_examples/models/concerns/vulnerable_shared_examples.rb
+++ b/ee/spec/support/shared_examples/models/concerns/vulnerable_shared_examples.rb
+# frozen_string_literal: true
+
+require 'spec_helper'
+
+shared_examples_for Vulnerable do
+  let(:project) { create(:project, namespace: vulnerable) }
+  let(:external_project) { create(:project) }
+  let(:failed_pipeline) { create(:ci_pipeline, :failed, project: project) }
+
+  let!(:old_vuln) { create_vulnerability(project) }
+  let!(:new_vuln) { create_vulnerability(project) }
+  let!(:external_vuln) { create_vulnerability(external_project) }
+  let!(:failed_vuln) { create_vulnerability(project, failed_pipeline) }
+
+  before do
+    pipeline_ran_against_new_sha = create(:ci_pipeline, :success, project: project, sha: '123')
+    new_vuln.pipelines << pipeline_ran_against_new_sha
+  end
+
+  def create_vulnerability(project, pipeline = nil)
+    pipeline ||= create(:ci_pipeline, :success, project: project)
+    create(:vulnerabilities_occurrence, pipelines: [pipeline], project: project)
+  end
+
+  describe '#latest_vulnerabilities' do
+    subject { vulnerable.latest_vulnerabilities }
+
+    it 'returns vulnerabilities for the latest successful pipelines of projects belonging to the vulnerable entity' do
+      is_expected.to contain_exactly(new_vuln)
+    end
+
+    context 'with vulnerabilities from other branches' do
+      let!(:branch_pipeline) { create(:ci_pipeline, :success, project: project, ref: 'feature-x') }
+      let!(:branch_vuln) { create(:vulnerabilities_occurrence, pipelines: [branch_pipeline], project: project) }
+
+      # TODO: This should actually fail and we must scope vulns
+      # per branch as soon as we store them for other branches
+      # Dependent on https://gitlab.com/gitlab-org/gitlab-ee/issues/9524
+      it 'includes vulnerabilities from all branches' do
+        is_expected.to contain_exactly(branch_vuln)
+      end
+    end
+  end
+
+  describe '#latest_vulnerabilities_with_sha' do
+    subject { vulnerable.latest_vulnerabilities_with_sha }
+
+    it 'returns vulns only for the latest successful pipelines of projects belonging to the vulnerable' do
+      is_expected.to contain_exactly(new_vuln)
+    end
+
+    it { is_expected.to all(respond_to(:sha)) }
+
+    context 'with vulnerabilities from other branches' do
+      let!(:branch_pipeline) { create(:ci_pipeline, :success, project: project, ref: 'feature-x') }
+      let!(:branch_vuln) { create(:vulnerabilities_occurrence, pipelines: [branch_pipeline], project: project) }
+
+      # TODO: This should actually fail and we must scope vulns
+      # per branch as soon as we store them for other branches
+      # Dependent on https://gitlab.com/gitlab-org/gitlab-ee/issues/9524
+      it 'includes vulnerabilities from all branches' do
+        is_expected.to contain_exactly(branch_vuln)
+      end
+    end
+  end
+
+  describe '#all_vulnerabilities' do
+    subject { vulnerable.all_vulnerabilities }
+
+    it 'returns vulns for all successful pipelines of projects belonging to the vulnerable' do
+      is_expected.to contain_exactly(old_vuln, new_vuln, new_vuln)
+    end
+
+    context 'with vulnerabilities from other branches' do
+      let!(:branch_pipeline) { create(:ci_pipeline, :success, project: project, ref: 'feature-x') }
+      let!(:branch_vuln) { create(:vulnerabilities_occurrence, pipelines: [branch_pipeline], project: project) }
+
+      # TODO: This should actually fail and we must scope vulns
+      # per branch as soon as we store them for other branches
+      # Dependent on https://gitlab.com/gitlab-org/gitlab-ee/issues/9524
+      it 'includes vulnerabilities from all branches' do
+        is_expected.to contain_exactly(old_vuln, new_vuln, new_vuln, branch_vuln)
+      end
+    end
+  end
+end