Merge branch '228740-use-graphql-mutations-to-update-state' into 'master'

Migrate vulnerability state management to GraphQL See merge request gitlab-org/gitlab!50034

Merge branch '228740-use-graphql-mutations-to-update-state' into 'master'
Migrate vulnerability state management to GraphQL See merge request gitlab-org/gitlab!50034
04f0ec2a · Kushal Pandya · 1cf69f5d · 64081ae6 · 04f0ec2a · 04f0ec2a
Commit 04f0ec2a authored Dec 18, 2020 by Kushal Pandya
11 changed files
--- a/ee/app/assets/javascripts/security_dashboard/graphql/mutate_vulnerability_state.js
+++ b/ee/app/assets/javascripts/security_dashboard/graphql/mutate_vulnerability_state.js
+import vulnerabilityConfirm from './vulnerability_confirm.mutation.graphql';
+import vulnerabilityDismiss from './vulnerability_dismiss.mutation.graphql';
+import vulnerabilityResolve from './vulnerability_resolve.mutation.graphql';
+import vulnerabilityRevertToDetected from './vulnerability_revert_to_detected.mutation.graphql';
+export default {
+  revert: vulnerabilityRevertToDetected,
+  dismiss: vulnerabilityDismiss,
+  confirm: vulnerabilityConfirm,
+  resolve: vulnerabilityResolve,
+};
--- a/ee/app/assets/javascripts/security_dashboard/graphql/vulnerability_confirm.mutation.graphql
+++ b/ee/app/assets/javascripts/security_dashboard/graphql/vulnerability_confirm.mutation.graphql
+mutation($id: VulnerabilityID!) {
+  vulnerabilityConfirm(input: { id: $id }) {
+    errors
+    vulnerability {
+      id
+      state
+      confirmedAt
+    }
+  }
+}
--- a/ee/app/assets/javascripts/security_dashboard/graphql/vulnerability_dismiss.mutation.graphql
+++ b/ee/app/assets/javascripts/security_dashboard/graphql/vulnerability_dismiss.mutation.graphql
-mutation($id: ID!, $comment: String!) {
+mutation($id: VulnerabilityID!, $comment: String!) {
  vulnerabilityDismiss(input: { id: $id, comment: $comment }) {
    errors
    vulnerability {
      id
      state
+      dismissedAt
    }
  }
 }
--- a/ee/app/assets/javascripts/security_dashboard/graphql/vulnerability_resolve.mutation.graphql
+++ b/ee/app/assets/javascripts/security_dashboard/graphql/vulnerability_resolve.mutation.graphql
+mutation($id: VulnerabilityID!) {
+  vulnerabilityResolve(input: { id: $id }) {
+    errors
+    vulnerability {
+      id
+      state
+      resolvedAt
+    }
+  }
+}
--- a/ee/app/assets/javascripts/security_dashboard/graphql/vulnerability_revert_to_detected.mutation.graphql
+++ b/ee/app/assets/javascripts/security_dashboard/graphql/vulnerability_revert_to_detected.mutation.graphql
+mutation($id: VulnerabilityID!) {
+  vulnerabilityRevertToDetected(input: { id: $id }) {
+    errors
+    vulnerability {
+      id
+      state
+      detectedAt
+    }
+  }
+}
--- a/ee/app/assets/javascripts/vulnerabilities/components/header.vue
+++ b/ee/app/assets/javascripts/vulnerabilities/components/header.vue
@@ -3,12 +3,10 @@ import { GlLoadingIcon, GlButton, GlBadge } from '@gitlab/ui';
 import Api from 'ee/api';
 import { CancelToken } from 'axios';
 import SplitButton from 'ee/vue_shared/security_reports/components/split_button.vue';
+import vulnerabilityStateMutations from 'ee/security_dashboard/graphql/mutate_vulnerability_state';
 import axios from '~/lib/utils/axios_utils';
 import download from '~/lib/utils/downloader';
-import {
+import { convertObjectPropsToSnakeCase } from '~/lib/utils/common_utils';
-  convertObjectPropsToSnakeCase,
-  convertObjectPropsToCamelCase,
-} from '~/lib/utils/common_utils';
 import { redirectTo } from '~/lib/utils/url_utility';
 import { deprecatedCreateFlash as createFlash } from '~/flash';
 import { s__ } from '~/locale';
@@ -18,6 +16,8 @@ import VulnerabilityStateDropdown from './vulnerability_state_dropdown.vue';
 import StatusDescription from './status_description.vue';
 import { VULNERABILITY_STATE_OBJECTS, FEEDBACK_TYPES, HEADER_ACTION_BUTTONS } from '../constants';
+const gidPrefix = 'gid://gitlab/Vulnerability/';
 export default {
  name: 'VulnerabilityHeader',
@@ -109,7 +109,9 @@ export default {
      handler(state) {
        const id = this.vulnerability[`${state}ById`];
-        if (id === undefined) return; // Don't do anything if there's no ID.
+        if (!id) {
+          return;
+        }
        this.isLoadingUser = true;
@@ -132,25 +134,39 @@ export default {
      const fn = this[action];
      if (typeof fn === 'function') fn();
    },
-    changeVulnerabilityState(newState) {
+    async changeVulnerabilityState({ action, payload }) {
      this.isLoadingVulnerability = true;
-      Api.changeVulnerabilityState(this.vulnerability.id, newState)
+      try {
-        .then(({ data }) => {
+        const { data } = await this.$apollo.mutate({
-          Object.assign(this.vulnerability, convertObjectPropsToCamelCase(data));
+          mutation: vulnerabilityStateMutations[action],
+          variables: { id: `${gidPrefix}${this.vulnerability.id}`, ...payload },
+        });
+        const [queryName] = Object.keys(data);
+        const { vulnerability } = data[queryName];
+        vulnerability.id = vulnerability.id.replace(gidPrefix, '');
+        vulnerability.state = vulnerability.state.toLowerCase();
+        this.vulnerability = {
+          ...this.vulnerability,
+          ...vulnerability,
+        };
        this.$emit('vulnerability-state-change');
-        })
+      } catch (error) {
-        .catch(() => {
+        createFlash({
-          createFlash(
+          error,
-            s__(
+          captureError: true,
+          message: s__(
            'VulnerabilityManagement|Something went wrong, could not update vulnerability state.',
          ),
-          );
-        })
-        .finally(() => {
-          this.isLoadingVulnerability = false;
        });
+      } finally {
+        this.isLoadingVulnerability = false;
+      }
    },
    createMergeRequest() {
      this.isProcessingAction = true;

--- a/ee/app/assets/javascripts/vulnerabilities/components/vulnerability_state_dropdown.vue
+++ b/ee/app/assets/javascripts/vulnerabilities/components/vulnerability_state_dropdown.vue
@@ -48,7 +48,7 @@ export default {
    },
    saveState(selectedState) {
-      this.$emit('change', selectedState.action);
+      this.$emit('change', selectedState);
      this.closeDropdown();
    },
  },

--- a/ee/app/assets/javascripts/vulnerabilities/constants.js
+++ b/ee/app/assets/javascripts/vulnerabilities/constants.js
@@ -4,6 +4,8 @@ import {
  FEEDBACK_TYPE_MERGE_REQUEST,
 } from '~/vue_shared/security_reports/constants';
+const falsePositiveMessage = s__('VulnerabilityManagement|Will not fix or a false-positive');
 export const VULNERABILITY_STATE_OBJECTS = {
  detected: {
    action: 'revert',
@@ -16,7 +18,10 @@ export const VULNERABILITY_STATE_OBJECTS = {
    action: 'dismiss',
    state: 'dismissed',
    displayName: s__('Dismiss'),
-    description: s__('VulnerabilityManagement|Will not fix or a false-positive'),
+    description: falsePositiveMessage,
+    payload: {
+      comment: falsePositiveMessage,
+    },
  },
  confirmed: {
    action: 'confirm',

--- a/ee/app/assets/javascripts/vulnerabilities/vulnerabilities_init.js
+++ b/ee/app/assets/javascripts/vulnerabilities/vulnerabilities_init.js
 import Vue from 'vue';
 import App from 'ee/vulnerabilities/components/vulnerability.vue';
+import apolloProvider from 'ee/security_dashboard/graphql/provider';
 import { convertObjectPropsToCamelCase } from '~/lib/utils/common_utils';
 export default el => {
  if (!el) {
    return null;
  }
  const vulnerability = convertObjectPropsToCamelCase(JSON.parse(el.dataset.vulnerability), {
    deep: true,
  });
  return new Vue({
    el,
+    apolloProvider,
    provide: {
      reportType: vulnerability.reportType,
      newIssueUrl: vulnerability.newIssueUrl,
@@ -21,7 +23,6 @@ export default el => {
      issueTrackingHelpPath: vulnerability.issueTrackingHelpPath,
      permissionsHelpPath: vulnerability.permissionsHelpPath,
    },
    render: h =>
      h(App, {
        props: { vulnerability },

--- a/ee/changelogs/unreleased/228740-use-graphql-mutations-to-update-state.yml
+++ b/ee/changelogs/unreleased/228740-use-graphql-mutations-to-update-state.yml
+---
+title: Migrate vulnerability state management to GraphQL
+merge_request: 50034
+author:
+type: changed
--- a/ee/spec/frontend/vulnerabilities/header_spec.js
+++ b/ee/spec/frontend/vulnerabilities/header_spec.js
 import { GlButton, GlBadge } from '@gitlab/ui';
-import { shallowMount } from '@vue/test-utils';
+import { shallowMount, createLocalVue } from '@vue/test-utils';
+import VueApollo from 'vue-apollo';
 import MockAdapter from 'axios-mock-adapter';
 import Api from 'ee/api';
 import SplitButton from 'ee/vue_shared/security_reports/components/split_button.vue';
@@ -7,15 +8,20 @@ import Header from 'ee/vulnerabilities/components/header.vue';
 import ResolutionAlert from 'ee/vulnerabilities/components/resolution_alert.vue';
 import StatusDescription from 'ee/vulnerabilities/components/status_description.vue';
 import VulnerabilityStateDropdown from 'ee/vulnerabilities/components/vulnerability_state_dropdown.vue';
+import vulnerabilityStateMutations from 'ee/security_dashboard/graphql/mutate_vulnerability_state';
 import { FEEDBACK_TYPES, VULNERABILITY_STATE_OBJECTS } from 'ee/vulnerabilities/constants';
 import UsersMockHelper from 'helpers/user_mock_data_helper';
 import waitForPromises from 'helpers/wait_for_promises';
+import createMockApollo from 'jest/helpers/mock_apollo_helper';
 import { convertObjectPropsToSnakeCase } from '~/lib/utils/common_utils';
 import { deprecatedCreateFlash as createFlash } from '~/flash';
 import axios from '~/lib/utils/axios_utils';
 import download from '~/lib/utils/downloader';
 import * as urlUtility from '~/lib/utils/url_utility';
+const localVue = createLocalVue();
+localVue.use(VueApollo);
 const vulnerabilityStateEntries = Object.entries(VULNERABILITY_STATE_OBJECTS);
 const mockAxios = new MockAdapter(axios);
 jest.mock('~/flash');
@@ -60,6 +66,10 @@ describe('Vulnerability Header', () => {
    };
  };
+  const createApolloProvider = (...queries) => {
+    return createMockApollo([...queries]);
+  };
  const createRandomUser = () => {
    const user = UsersMockHelper.createRandomUser();
    const url = Api.buildUrl(Api.userPath).replace(':id', user.id);
@@ -74,10 +84,15 @@ describe('Vulnerability Header', () => {
  const findResolutionAlert = () => wrapper.find(ResolutionAlert);
  const findStatusDescription = () => wrapper.find(StatusDescription);
-  const createWrapper = (vulnerability = {}) => {
+  const createWrapper = ({ vulnerability = {}, apolloProvider }) => {
    wrapper = shallowMount(Header, {
+      localVue,
+      apolloProvider,
      propsData: {
-        initialVulnerability: { ...defaultVulnerability, ...vulnerability },
+        initialVulnerability: {
+          ...defaultVulnerability,
+          ...vulnerability,
+        },
      },
      stubs: {
        GlBadge,
@@ -92,60 +107,73 @@ describe('Vulnerability Header', () => {
    createFlash.mockReset();
  });
-  describe('state dropdown', () => {
+  describe.each`
-    beforeEach(() => createWrapper());
+    action       | queryName                          | expected
+    ${'dismiss'} | ${'vulnerabilityDismiss'}          | ${'dismissed'}
+    ${'confirm'} | ${'vulnerabilityConfirm'}          | ${'confirmed'}
+    ${'resolve'} | ${'vulnerabilityResolve'}          | ${'resolved'}
+    ${'revert'}  | ${'vulnerabilityRevertToDetected'} | ${'detected'}
+  `('state dropdown change', ({ action, queryName, expected }) => {
+    describe('when API call is successful', () => {
+      beforeEach(() => {
+        const apolloProvider = createApolloProvider([
+          vulnerabilityStateMutations[action],
+          jest.fn().mockResolvedValue({
+            data: {
+              [queryName]: {
+                errors: [],
+                vulnerability: {
+                  id: 'gid://gitlab/Vulnerability/54',
+                  [`${expected}At`]: '2020-09-16T11:13:26Z',
+                  state: expected.toUpperCase(),
+                },
+              },
+            },
+          }),
+        ]);
-    it('the vulnerability state dropdown is rendered', () => {
+        createWrapper({ apolloProvider });
-      expect(wrapper.find(VulnerabilityStateDropdown).exists()).toBe(true);
      });
-    it('when the vulnerability state dropdown emits a change event, a POST API call is made', () => {
+      it(`updates the state properly - ${action}`, async () => {
        const dropdown = wrapper.find(VulnerabilityStateDropdown);
-      mockAxios.onPost().reply(201);
+        dropdown.vm.$emit('change', { action });
-      dropdown.vm.$emit('change');
-      return waitForPromises().then(() => {
+        await waitForPromises();
-        expect(mockAxios.history.post).toHaveLength(1); // Check that a POST request was made.
+        expect(findBadge().text()).toBe(expected);
-      });
      });
-    it('when the vulnerability state dropdown emits a change event, the state badge updates', () => {
+      it(`emits an event when the state is changed - ${action}`, async () => {
-      const newState = 'dismissed';
-      mockAxios.onPost().reply(201, { state: newState });
-      expect(findBadge().text()).not.toBe(newState);
        const dropdown = wrapper.find(VulnerabilityStateDropdown);
+        dropdown.vm.$emit('change', { action });
-      dropdown.vm.$emit('change');
+        await waitForPromises();
+        expect(wrapper.emitted()['vulnerability-state-change']).toBeTruthy();
-      return waitForPromises().then(() => {
-        expect(findBadge().text()).toBe(newState);
      });
    });
-    it('when the vulnerability state dropdown emits a change event, the vulnerabilities event bus event is emitted with the proper event', () => {
+    describe('when API call is failed', () => {
-      const newState = 'dismissed';
+      beforeEach(() => {
-      mockAxios.onPost().reply(201, { state: newState });
+        const apolloProvider = createApolloProvider([
-      expect(findBadge().text()).not.toBe(newState);
+          vulnerabilityStateMutations[action],
+          jest.fn().mockRejectedValue({
-      const dropdown = wrapper.find(VulnerabilityStateDropdown);
+            data: {
+              [queryName]: {
-      dropdown.vm.$emit('change');
+                errors: [{ message: 'Something went wrong' }],
+                vulnerability: {},
+              },
+            },
+          }),
+        ]);
-      return waitForPromises().then(() => {
+        createWrapper({ apolloProvider });
-        expect(wrapper.emitted()['vulnerability-state-change']).toBeTruthy();
-      });
      });
-    it('when the vulnerability state changes but the API call fails, an error message is displayed', () => {
+      it('when the vulnerability state changes but the API call fails, an error message is displayed', async () => {
        const dropdown = wrapper.find(VulnerabilityStateDropdown);
-      mockAxios.onPost().reply(400);
+        dropdown.vm.$emit('change', { action });
-      dropdown.vm.$emit('change', 'dismissed');
-      return waitForPromises().then(() => {
+        await waitForPromises();
-        expect(mockAxios.history.post).toHaveLength(1);
        expect(createFlash).toHaveBeenCalledTimes(1);
      });
    });
@@ -153,7 +181,7 @@ describe('Vulnerability Header', () => {
  describe('split button', () => {
    it('does render the create merge request and issue button as a split button', () => {
-      createWrapper(getVulnerability({ shouldShowMergeRequestButton: true }));
+      createWrapper({ vulnerability: getVulnerability({ shouldShowMergeRequestButton: true }) });
      expect(findSplitButton().exists()).toBe(true);
      const buttons = findSplitButton().props('buttons');
      expect(buttons).toHaveLength(2);
@@ -162,30 +190,32 @@ describe('Vulnerability Header', () => {
    });
    it('does not render the split button if there is only one action', () => {
-      createWrapper(
+      createWrapper({
-        getVulnerability({
+        vulnerability: getVulnerability({
          shouldShowMergeRequestButton: true,
          shouldShowDownloadPatchButton: false,
        }),
-      );
+      });
      expect(findSplitButton().exists()).toBe(false);
    });
  });
  describe('single action button', () => {
    it('does not display if there are no actions', () => {
-      createWrapper(getVulnerability({}));
+      createWrapper({ vulnerability: getVulnerability({}) });
      expect(findGlButton().exists()).toBe(false);
    });
    describe('create merge request', () => {
      beforeEach(() => {
        createWrapper({
+          vulnerability: {
            ...getVulnerability({
              shouldShowMergeRequestButton: true,
              shouldShowDownloadPatchButton: false,
            }),
            state: 'resolved',
+          },
        });
      });
@@ -239,8 +269,10 @@ describe('Vulnerability Header', () => {
    describe('can download patch', () => {
      beforeEach(() => {
        createWrapper({
+          vulnerability: {
            ...getVulnerability({ shouldShowMergeRequestButton: true }),
            createMrUrl: '',
+          },
        });
      });
@@ -269,7 +301,7 @@ describe('Vulnerability Header', () => {
    it.each(Object.entries(badgeVariants))(
      'the vulnerability state badge has the correct style for the %s state',
      (state, variant) => {
-        createWrapper({ state });
+        createWrapper({ vulnerability: { state } });
        expect(findBadge().props('variant')).toBe(variant);
        expect(findBadge().text()).toBe(state);
@@ -278,16 +310,22 @@ describe('Vulnerability Header', () => {
  });
  describe('status description', () => {
-    it('the status description is rendered and passed the correct data', () => {
+    let vulnerability;
-      const user = createRandomUser();
+    let user;
-      const vulnerability = {
+    beforeEach(() => {
+      user = createRandomUser();
+      vulnerability = {
        ...defaultVulnerability,
        state: 'confirmed',
        confirmedById: user.id,
      };
-      createWrapper(vulnerability);
+      createWrapper({ vulnerability });
+    });
+    it('the status description is rendered and passed the correct data', () => {
      return waitForPromises().then(() => {
        expect(findStatusDescription().exists()).toBe(true);
        expect(findStatusDescription().props()).toEqual({
@@ -306,8 +344,10 @@ describe('Vulnerability Header', () => {
    beforeEach(() => {
      createWrapper({
+        vulnerability: {
          resolvedOnDefaultBranch: true,
          projectDefaultBranch: branchName,
+        },
      });
    });
@@ -337,7 +377,7 @@ describe('Vulnerability Header', () => {
      `loads the correct user for the vulnerability state "%s"`,
      state => {
        const user = createRandomUser();
-        createWrapper({ state, [`${state}ById`]: user.id });
+        createWrapper({ vulnerability: { state, [`${state}ById`]: user.id } });
        return waitForPromises().then(() => {
          expect(mockAxios.history.get).toHaveLength(1);
@@ -347,7 +387,7 @@ describe('Vulnerability Header', () => {
    );
    it('does not load a user if there is no user ID', () => {
-      createWrapper({ state: 'detected' });
+      createWrapper({ vulnerability: { state: 'detected' } });
      return waitForPromises().then(() => {
        expect(mockAxios.history.get).toHaveLength(0);
@@ -356,7 +396,7 @@ describe('Vulnerability Header', () => {
    });
    it('will show an error when the user cannot be loaded', () => {
-      createWrapper({ state: 'confirmed', confirmedById: 1 });
+      createWrapper({ vulnerability: { state: 'confirmed', confirmedById: 1 } });
      mockAxios.onGet().replyOnce(500);
@@ -368,7 +408,7 @@ describe('Vulnerability Header', () => {
    it('will set the isLoadingUser property correctly when the user is loading and finished loading', () => {
      const user = createRandomUser();
-      createWrapper({ state: 'confirmed', confirmedById: user.id });
+      createWrapper({ vulnerability: { state: 'confirmed', confirmedById: user.id } });
      expect(findStatusDescription().props('isLoadingUser')).toBe(true);