Commit 08caac24 authored by Douwe Maan's avatar Douwe Maan

Merge branch '4299_show_secure_results_on_environments_page_be' into 'master'

Show secure results on environments page, backend

See merge request gitlab-org/gitlab-ee!6987
parents b5f78ed8 ccc847db
...@@ -5,6 +5,8 @@ module EE ...@@ -5,6 +5,8 @@ module EE
prepended do prepended do
has_many :prometheus_alerts, inverse_of: :environment has_many :prometheus_alerts, inverse_of: :environment
has_one :last_deployable, through: :last_deployment, source: 'deployable', source_type: 'CommitStatus'
has_one :last_pipeline, through: :last_deployable, source: 'pipeline'
end end
def pod_names def pod_names
......
...@@ -7,6 +7,32 @@ module EE ...@@ -7,6 +7,32 @@ module EE
expose :logs_path, if: -> (*) { can_read_pod_logs? } do |environment| expose :logs_path, if: -> (*) { can_read_pod_logs? } do |environment|
logs_project_environment_path(environment.project, environment) logs_project_environment_path(environment.project, environment)
end end
expose :secure_artifacts do
expose :sast_path, if: -> (*) { environment.last_pipeline&.expose_sast_data? } do |environment|
raw_project_build_artifacts_url(environment.project,
environment.last_pipeline.sast_artifact,
path: Ci::Build::SAST_FILE)
end
expose :dependency_scanning_path, if: -> (*) { environment.last_pipeline&.expose_dependency_scanning_data? } do |environment|
raw_project_build_artifacts_url(environment.project,
environment.last_pipeline.dependency_scanning_artifact,
path: Ci::Build::DEPENDENCY_SCANNING_FILE)
end
expose :dast_path, if: -> (*) { environment.last_pipeline&.expose_dast_data? } do |environment|
raw_project_build_artifacts_url(environment.project,
environment.last_pipeline.dast_artifact,
path: Ci::Build::DAST_FILE)
end
expose :container_scanning_path, if: -> (*) { environment.last_pipeline&.expose_container_scanning_data? } do |environment|
raw_project_build_artifacts_url(environment.project,
environment.last_pipeline.container_scanning_artifact,
path: Ci::Build::CONTAINER_SCANNING_FILE)
end
end
end end
private private
......
---
title: Show security analysis status on the environments page
merge_request: 6987
author:
type: added
...@@ -8,7 +8,8 @@ ...@@ -8,7 +8,8 @@
"last_deployment", "last_deployment",
"environment_path", "environment_path",
"created_at", "created_at",
"updated_at" "updated_at",
"secure_artifacts"
], ],
"properties": { "properties": {
"id": { "id": {
...@@ -68,6 +69,24 @@ ...@@ -68,6 +69,24 @@
}, },
"can_stop": { "can_stop": {
"type": "boolean" "type": "boolean"
},
"secure_artifacts": {
"type": "object",
"additionalProperties": false,
"properties": {
"sast": {
"type": "integer"
},
"dast": {
"type": "string"
},
"container_scanning": {
"type": "string"
},
"dependency_scanning": {
"type": "string"
}
}
} }
} }
} }
...@@ -32,4 +32,65 @@ describe EnvironmentEntity do ...@@ -32,4 +32,65 @@ describe EnvironmentEntity do
it_behaves_like 'protected environments access', false it_behaves_like 'protected environments access', false
end end
describe 'secure_artifacts hash' do
it 'is present' do
expect(entity.as_json.include?(:secure_artifacts)).to eq(true)
end
it 'is empty' do
expect(entity.as_json[:secure_artifacts].size).to eq(0)
end
end
context 'with secure artifacts' do
let(:pipeline) { create(:ci_pipeline, :success, project: project) }
let(:deployable) { create(:ci_build, :success, pipeline: pipeline) }
jobs_parameters = [
{ name: 'sast', filename: 'gl-sast-report.json' },
{ name: 'dast', filename: 'gl-dast-report.json' },
{ name: 'container_scanning', filename: 'gl-container-scanning-report.json' },
{ name: 'dependency_scanning', filename: 'gl-dependency-scanning-report.json' }
]
before do
stub_licensed_features(sast: true, dast: true, dependency_scanning: true, sast_container: true)
create(:deployment, deployable: deployable, environment: environment)
jobs_parameters.each do |job_parameters|
create(
:ci_job_artifact,
:archive,
job: create(
:ci_build,
:success,
pipeline: pipeline,
name: job_parameters[:name],
options: {
artifacts: {
paths: [job_parameters[:filename]]
}
}))
end
end
describe 'secure_artifacts hash' do
it 'contains the reports' do
allow_any_instance_of(LegacyArtifactUploader).to receive(:exists?).and_return(true)
expect(entity.as_json[:secure_artifacts].size).to eq(4)
expect(entity.as_json[:secure_artifacts]).to include(:sast_path)
expect(entity.as_json[:secure_artifacts]).to include(:dast_path)
expect(entity.as_json[:secure_artifacts]).to include(:container_scanning_path)
expect(entity.as_json[:secure_artifacts]).to include(:dependency_scanning_path)
expect(entity.as_json[:secure_artifacts][:sast_path]).to end_with(Ci::Build::SAST_FILE)
expect(entity.as_json[:secure_artifacts][:dast_path]).to end_with(Ci::Build::DAST_FILE)
expect(entity.as_json[:secure_artifacts][:container_scanning_path]).to end_with(Ci::Build::CONTAINER_SCANNING_FILE)
expect(entity.as_json[:secure_artifacts][:dependency_scanning_path]).to end_with(Ci::Build::DEPENDENCY_SCANNING_FILE)
end
end
end
end end
Markdown is supported
0%
or
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment