Commit 23299096 authored by Craig Smith's avatar Craig Smith Committed by Stan Hu

Show error when the DAST feature not available

parent 1ba0026a
---
title: Add a job to the DAST template that shows an error in the console if the user is not licensed to use DAST.
merge_request: 47484
author:
type: changed
...@@ -47,8 +47,8 @@ RSpec.describe 'Jobs/DAST-Default-Branch-Deploy.gitlab-ci.yml' do ...@@ -47,8 +47,8 @@ RSpec.describe 'Jobs/DAST-Default-Branch-Deploy.gitlab-ci.yml' do
end end
context 'when project has no license' do context 'when project has no license' do
it 'includes no DAST jobs' do it 'includes dast_unlicensed job' do
expect(build_names).to eq %w(placeholder) expect(build_names).to eq %w(placeholder dast_unlicensed)
end end
end end
......
...@@ -21,8 +21,72 @@ RSpec.describe 'DAST.gitlab-ci.yml' do ...@@ -21,8 +21,72 @@ RSpec.describe 'DAST.gitlab-ci.yml' do
end end
context 'when project has no license' do context 'when project has no license' do
it 'includes no jobs' do let(:cluster) { create(:cluster, :project, :provided_by_gcp, projects: [project]) }
expect { pipeline }.to raise_error(Ci::CreatePipelineService::CreateError)
context 'when k8 is active' do
before do
allow(cluster).to receive(:active?).and_return(true)
end
it 'includes dast_unlicensed job' do
expect(build_names).to match_array(%w[dast_unlicensed])
end
end
context 'when DAST_WEBSITE is active' do
before do
create(:ci_variable, project: project, key: 'DAST_WEBSITE', value: 'http://example.com')
end
it 'includes dast_unlicensed job' do
expect(build_names).to match_array(%w[dast_unlicensed])
end
end
context 'when DAST_API_SPECIFICATION is set' do
before do
create(:ci_variable, project: project, key: 'DAST_API_SPECIFICATION', value: 'http://example/open-api-v2.json')
end
it 'includes dast_unlicensed job' do
expect(build_names).to match_array(%w[dast_unlicensed])
end
end
context 'when DAST_DISABLED' do
before do
create(:ci_variable, project: project, key: 'DAST_DISABLED', value: '1')
end
it 'includes no job' do
expect { pipeline }.to raise_error(Ci::CreatePipelineService::CreateError)
end
end
context 'when DAST_DISABLED_FOR_DEFAULT_BRANCH and CI_DEFAULT_BRANCH equals CI_COMMIT_REF_NAME' do
before do
create(:ci_variable, project: project, key: 'DAST_DISABLED_FOR_DEFAULT_BRANCH', value: '1')
create(:ci_variable, project: project, key: 'CI_DEFAULT_BRANCH', value: 'test_branch')
create(:ci_variable, project: project, key: 'CI_COMMIT_REF_NAME', value: 'test_branch')
end
it 'includes no job' do
expect { pipeline }.to raise_error(Ci::CreatePipelineService::CreateError)
end
end
context 'when not on default branch and review disabled and both DAST_WEBSITE and DAST_API_SPECIFICATION are not set' do
before do
create(:ci_variable, project: project, key: 'CI_DEFAULT_BRANCH', value: 'main')
create(:ci_variable, project: project, key: 'CI_COMMIT_REF_NAME', value: 'test_branch')
create(:ci_variable, project: project, key: 'REVIEW_DISABLED', value: '1')
create(:ci_variable, project: project, key: 'DAST_WEBSITE', value: nil)
create(:ci_variable, project: project, key: 'DAST_API_SPECIFICATION', value: nil)
end
it 'includes no job' do
expect { pipeline }.to raise_error(Ci::CreatePipelineService::CreateError)
end
end end
end end
...@@ -56,7 +120,7 @@ RSpec.describe 'DAST.gitlab-ci.yml' do ...@@ -56,7 +120,7 @@ RSpec.describe 'DAST.gitlab-ci.yml' do
create(:ci_variable, project: project, key: 'DAST_WEBSITE', value: 'http://example.com') create(:ci_variable, project: project, key: 'DAST_WEBSITE', value: 'http://example.com')
end end
it 'includes job' do it 'includes dast job' do
expect(build_names).to match_array(%w[dast]) expect(build_names).to match_array(%w[dast])
end end
end end
...@@ -66,7 +130,7 @@ RSpec.describe 'DAST.gitlab-ci.yml' do ...@@ -66,7 +130,7 @@ RSpec.describe 'DAST.gitlab-ci.yml' do
create(:ci_variable, project: project, key: 'DAST_API_SPECIFICATION', value: 'http://my.api/api-specification.yml') create(:ci_variable, project: project, key: 'DAST_API_SPECIFICATION', value: 'http://my.api/api-specification.yml')
end end
it 'includes job' do it 'includes dast job' do
expect(build_names).to match_array(%w[dast]) expect(build_names).to match_array(%w[dast])
end end
end end
...@@ -104,7 +168,7 @@ RSpec.describe 'DAST.gitlab-ci.yml' do ...@@ -104,7 +168,7 @@ RSpec.describe 'DAST.gitlab-ci.yml' do
project.repository.create_branch(pipeline_branch) project.repository.create_branch(pipeline_branch)
end end
it 'includes job' do it 'includes dast job' do
expect(build_names).to match_array(%w[dast]) expect(build_names).to match_array(%w[dast])
end end
end end
...@@ -118,7 +182,7 @@ RSpec.describe 'DAST.gitlab-ci.yml' do ...@@ -118,7 +182,7 @@ RSpec.describe 'DAST.gitlab-ci.yml' do
end end
context 'when on default branch' do context 'when on default branch' do
it 'includes job' do it 'includes dast job' do
expect(build_names).to match_array(%w[dast]) expect(build_names).to match_array(%w[dast])
end end
end end
......
...@@ -49,3 +49,32 @@ dast: ...@@ -49,3 +49,32 @@ dast:
- if: $CI_COMMIT_BRANCH && - if: $CI_COMMIT_BRANCH &&
$GITLAB_FEATURES =~ /\bdast\b/ && $GITLAB_FEATURES =~ /\bdast\b/ &&
$DAST_API_SPECIFICATION $DAST_API_SPECIFICATION
dast_unlicensed:
stage: dast
allow_failure: true
variables:
GIT_STRATEGY: none
rules:
- if: $DAST_DISABLED
when: never
- if: $DAST_DISABLED_FOR_DEFAULT_BRANCH &&
$CI_DEFAULT_BRANCH == $CI_COMMIT_REF_NAME
when: never
- if: $CI_DEFAULT_BRANCH != $CI_COMMIT_REF_NAME &&
$REVIEW_DISABLED && $DAST_WEBSITE == null &&
$DAST_API_SPECIFICATION == null
when: never
- if: $CI_COMMIT_BRANCH &&
$CI_KUBERNETES_ACTIVE &&
$GITLAB_FEATURES !~ /\bdast\b/
- if: $CI_COMMIT_BRANCH &&
$GITLAB_FEATURES !~ /\bdast\b/ &&
$DAST_WEBSITE
- if: $CI_COMMIT_BRANCH &&
$GITLAB_FEATURES !~ /\bdast\b/ &&
$DAST_API_SPECIFICATION
script:
- |
echo "Error: Your GitLab project is not licensed for DAST."
- exit 1
Markdown is supported
0%
or
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment