Merge branch '339751-update-alert' into 'master'

Update policy validation to check for valild name See merge request gitlab-org/gitlab!80967

Merge branch '339751-update-alert' into 'master'
Update policy validation to check for valild name See merge request gitlab-org/gitlab!80967
314715ef · David Fernandez · 1a0c3a85 · dee93213 · 314715ef · 314715ef
Commit 314715ef authored Feb 23, 2022 by David Fernandez
4 changed files
--- a/ee/app/services/security/security_orchestration_policies/validate_policy_service.rb
+++ b/ee/app/services/security/security_orchestration_policies/validate_policy_service.rb
@@ -4,6 +4,8 @@ module Security
  module SecurityOrchestrationPolicies
    class ValidatePolicyService < ::BaseProjectService
      def execute
+        return error(s_('SecurityOrchestration|Empty policy name')) if blank_name?
+
        return success if policy_disabled?

        return error(s_('SecurityOrchestration|Invalid policy type')) if invalid_policy_type?
@@ -25,6 +27,10 @@ module Security
        !Security::OrchestrationPolicyConfiguration::AVAILABLE_POLICY_TYPES.include?(policy_type)
      end

+      def blank_name?
+        policy[:name].blank?
+      end
+
      def blank_branch_for_rule?
        return false if policy_type == :scan_result_policy


--- a/ee/spec/services/security/security_orchestration_policies/policy_commit_service_spec.rb
+++ b/ee/spec/services/security/security_orchestration_policies/policy_commit_service_spec.rb
@@ -31,6 +31,7 @@ RSpec.describe Security::SecurityOrchestrationPolicies::PolicyCommitService do
      let(:invalid_input_policy_yaml) do
        <<-EOS
          invalid_name: invalid
+          name: 'policy name'
          type: scan_execution_policy
        EOS
      end
@@ -42,7 +43,7 @@ RSpec.describe Security::SecurityOrchestrationPolicies::PolicyCommitService do

        expect(response[:status]).to eq(:error)
        expect(response[:message]).to eq("Invalid policy YAML")
-        expect(response[:details]).to eq(["property '/scan_execution_policy/0' is missing required keys: name, enabled, rules, actions"])
+        expect(response[:details]).to match_array(["property '/scan_execution_policy/0' is missing required keys: enabled, rules, actions"])
      end
    end


--- a/ee/spec/services/security/security_orchestration_policies/validate_policy_service_spec.rb
+++ b/ee/spec/services/security/security_orchestration_policies/validate_policy_service_spec.rb
@@ -7,10 +7,12 @@ RSpec.describe Security::SecurityOrchestrationPolicies::ValidatePolicyService do
    let(:service) { described_class.new(project: project, params: { policy: policy }) }
    let(:enabled) { true }
    let(:policy_type) { 'scan_execution_policy' }
+    let(:name) { 'New policy' }
    let(:rule) { { clusters: { production: {} } } }
    let(:policy) do
      {
        type: policy_type,
+        name: name,
        enabled: enabled,
        rules: [rule]
      }
@@ -44,6 +46,26 @@ RSpec.describe Security::SecurityOrchestrationPolicies::ValidatePolicyService do
      end
    end

+    shared_examples 'checks policy name' do
+      context 'when policy name is not provided' do
+        let(:name) { nil }
+
+        it { expect(result[:status]).to eq(:error) }
+        it { expect(result[:message]).to eq('Empty policy name') }
+      end
+
+      context 'when policy name is invalid' do
+        let(:name) { '' }
+
+        it { expect(result[:status]).to eq(:error) }
+        it { expect(result[:message]).to eq('Empty policy name') }
+      end
+
+      context 'when policy name is valid' do
+        it { expect(result[:status]).to eq(:success) }
+      end
+    end
+
    shared_examples 'checks if branches are provided in rule' do
      context 'when rule has clusters defined' do
        let(:rule) do

--- a/locale/gitlab.pot
+++ b/locale/gitlab.pot
@@ -32428,6 +32428,9 @@ msgstr ""
 msgid "SecurityOrchestration|Edit policy project"
 msgstr ""

+msgid "SecurityOrchestration|Empty policy name"
+msgstr ""
+
 msgid "SecurityOrchestration|Enabled"
 msgstr ""