Commit
0b0b46a9
authored
Aug 26, 2021
by
Zamir Martins
Committed by
David Kim
Aug 26, 2021
Reset severity_levels default
parent
6351643b
Showing
6 changed files
with
60 additions
and
2 deletions
+60
-2
db/post_migrate/20210819183128_reset_severity_levels_to_new_default.rb
...te/20210819183128_reset_severity_levels_to_new_default.rb
+17
-0
db/schema_migrations/20210819183128
db/schema_migrations/20210819183128
+1
-0
ee/app/models/approval_project_rule.rb
ee/app/models/approval_project_rule.rb
+2
-1
ee/spec/models/approval_project_rule_spec.rb
ee/spec/models/approval_project_rule_spec.rb
+6
-0
ee/spec/support/shared_examples/requests/api/project_approval_rules_api_shared_examples.rb
...equests/api/project_approval_rules_api_shared_examples.rb
+1
-1
spec/migrations/reset_severity_levels_to_new_default_spec.rb
spec/migrations/reset_severity_levels_to_new_default_spec.rb
+33
-0
db/post_migrate/20210819183128_reset_severity_levels_to_new_default.rb
0 → 100644
# frozen_string_literal: true
class
ResetSeverityLevelsToNewDefault
<
ActiveRecord
::
Migration
[
6.1
]
ALL_SEVERITY_LEVELS
=
6
# ::Enums::Vulnerability::SEVERITY_LEVELS.count
def
up
execute
(
<<~
SQL
.
squish
)
UPDATE approval_project_rules
SET severity_levels = '{unknown, high, critical}'
WHERE array_length(severity_levels, 1) =
#{
ALL_SEVERITY_LEVELS
}
;
SQL
end
def
down
# no-op
end
end
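Review bot: The `WHERE array_length(severity_levels, 1) = 6` filter in `up` cannot tell a rule that merely inherited the old all-levels default from one where a maintainer deliberately selected all six severities, so the latter is silently narrowed to `{unknown, high, critical}` and stops requiring approval for the other levels. Because `down` is a no-op and nothing records which rows were rewritten, the previous policy cannot be restored afterwards. At minimum I would document this above `up`, e.g. `# Also resets rules where all levels were chosen explicitly; irreversible by design.`, and call it out in the upgrade notes so project owners can re-check their approval rules. The filter also keys on element count rather than content, which is presumably equivalent only if the column never holds duplicate entries; that is worth confirming.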
db/schema_migrations/20210819183128
0 → 100644
d57791945f0d21da90a5b1d75db9add6c7e916ad3c13df2522c7d71d572baa47
\ No newline at end of file
ee/app/models/approval_project_rule.rb
...
...
@@ -6,6 +6,7 @@ class ApprovalProjectRule < ApplicationRecord
UNSUPPORTED_SCANNER
=
'cluster_image_scanning'
SUPPORTED_SCANNERS
=
(
::
Ci
::
JobArtifact
::
SECURITY_REPORT_FILE_TYPES
-
[
UNSUPPORTED_SCANNER
]).
freeze
DEFAULT_SEVERITIES
=
%w[unknown high critical]
.
freeze
belongs_to
:project
has_and_belongs_to_many
:protected_branches
...
...
@@ -32,7 +33,7 @@ class ApprovalProjectRule < ApplicationRecord
default_value_for
:vulnerabilities_allowed
,
allows_nil:
false
,
value:
0
validates
:severity_levels
,
inclusion:
{
in:
::
Enums
::
Vulnerability
.
severity_levels
.
keys
}
default_value_for
:severity_levels
,
allows_nil:
false
,
value:
::
Enums
::
Vulnerability
.
severity_levels
.
keys
default_value_for
:severity_levels
,
allows_nil:
false
,
value:
DEFAULT_SEVERITIES
def
applies_to_branch?
(
branch
)
return
true
if
protected_branches
.
empty?
...
...
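Review bot: `DEFAULT_SEVERITIES` in the first hunk is introduced without a comment, although it now decides which findings a newly created rule requires approval for (second hunk, `default_value_for :severity_levels`). A line such as `# Severities a new rule gates on by default; the remaining levels must be selected explicitly.` would make that security-relevant choice visible to the next maintainer. The same three names are repeated as a literal in the post-migration, which is expected for a migration, but the comment could note that the two must be changed together. The class body continues outside both hunks.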
ee/spec/models/approval_project_rule_spec.rb
...
...
@@ -9,6 +9,12 @@ RSpec.describe ApprovalProjectRule do
it
'is invalid when name not unique within rule type and project'
do
is_expected
.
to
validate_uniqueness_of
(
:name
).
scoped_to
([
:project_id
,
:rule_type
])
end
context
'DEFAULT_SEVERITIES'
do
it
'contains a valid subset of severity levels'
do
expect
(
::
Enums
::
Vulnerability
.
severity_levels
.
keys
).
to
include
(
*
described_class
::
DEFAULT_SEVERITIES
)
end
end
end
describe
'associations'
do
...
...
ee/spec/support/shared_examples/requests/api/project_approval_rules_api_shared_examples.rb
...
...
@@ -151,7 +151,7 @@ RSpec.shared_examples 'an API endpoint for updating project approval rule' do
it
'returns 200 status'
do
expect
do
put
api
(
url
,
current_user
),
params:
{
severity_levels:
severity_levels
}
end
.
to
change
{
approval_rule
.
reload
.
severity_levels
.
count
}.
from
(
::
Enums
::
Vulnerability
.
severity_levels
.
keys
.
count
).
to
(
severity_levels
.
count
)
end
.
to
change
{
approval_rule
.
reload
.
severity_levels
.
count
}.
from
(
::
ApprovalProjectRule
::
DEFAULT_SEVERITIES
.
count
).
to
(
severity_levels
.
count
)
expect
(
response
).
to
have_gitlab_http_status
(
:ok
)
end
end
...
...
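Review bot: The rewritten expectation still compares only `severity_levels.count`, so it passes for any update that ends with the right number of levels, and it would fail spuriously if the `severity_levels` fixture (defined outside this hunk) ever had three entries. Comparing the values is stricter: `.to change { approval_rule.reload.severity_levels }.from(::ApprovalProjectRule::DEFAULT_SEVERITIES).to(severity_levels)`. This assumes the endpoint stores the levels in the order given, which the hunk does not show.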
spec/migrations/reset_severity_levels_to_new_default_spec.rb
0 → 100644
# frozen_string_literal: true
require
'spec_helper'
require_migration!
RSpec
.
describe
ResetSeverityLevelsToNewDefault
do
let
(
:approval_project_rules
)
{
table
(
:approval_project_rules
)
}
let
(
:projects
)
{
table
(
:projects
)}
let
(
:namespaces
)
{
table
(
:namespaces
)}
let
(
:namespace
)
{
namespaces
.
create!
(
name:
'namespace'
,
path:
'namespace'
)}
let
(
:project
)
{
projects
.
create!
(
name:
'project'
,
path:
'project'
,
namespace_id:
namespace
.
id
)}
let
(
:approval_project_rule
)
{
approval_project_rules
.
create!
(
name:
'rule'
,
project_id:
project
.
id
,
severity_levels:
severity_levels
)
}
context
'without having all severity levels selected'
do
let
(
:severity_levels
)
{
[
'high'
]
}
it
'does not change severity_levels'
do
expect
(
approval_project_rule
.
severity_levels
).
to
eq
(
severity_levels
)
expect
{
migrate!
}.
not_to
change
{
approval_project_rule
.
reload
.
severity_levels
}
end
end
context
'with all scanners selected'
do
let
(
:severity_levels
)
{
::
Enums
::
Vulnerability
::
SEVERITY_LEVELS
.
keys
}
let
(
:default_levels
)
{
%w(unknown high critical)
}
it
'changes severity_levels to the default value'
do
expect
(
approval_project_rule
.
severity_levels
).
to
eq
(
severity_levels
)
expect
{
migrate!
}.
to
change
{
approval_project_rule
.
reload
.
severity_levels
}.
from
(
severity_levels
).
to
(
default_levels
)
end
end
end
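Review bot: The second context is titled `'with all scanners selected'` but it sets `severity_levels` to every severity level; `context 'with all severity levels selected' do` would match what is being tested. The input here is built from `::Enums::Vulnerability::SEVERITY_LEVELS.keys` while the migration hard-codes `6`, so this example will start failing if the enum ever grows. If that tripwire is intended, a comment saying so, e.g. `# Fails on purpose if the enum size diverges from ALL_SEVERITY_LEVELS`, would save the next reader a debugging session.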