Commit 4504a7f9 authored by Zamir Martins's avatar Zamir Martins Committed by Paul Slaughter

Enhance policy validation to consider scan result

policy as its rule can have no branches. It also
clears up a misunderstanding in a comment.

EE: true
parent eebbb1c7
...@@ -71,7 +71,7 @@ const updatePolicy = async ({ ...@@ -71,7 +71,7 @@ const updatePolicy = async ({
}; };
/** /**
* Updates the assigned security policy project's policy file with the new policy yaml or creates one (project or file) if one does not exist * Updates the assigned security policy project's policy file with the new policy yaml or creates one file if one does not exist
* @param {Object} payload contains the currently assigned security policy project (if one exists), the path to the project, and the policy yaml value * @param {Object} payload contains the currently assigned security policy project (if one exists), the path to the project, and the policy yaml value
* @returns {Object} contains the currently assigned security policy project and the created merge request * @returns {Object} contains the currently assigned security policy project and the created merge request
*/ */
......
...@@ -22,10 +22,12 @@ module Security ...@@ -22,10 +22,12 @@ module Security
def invalid_policy_type? def invalid_policy_type?
return true if policy[:type].blank? return true if policy[:type].blank?
!Security::OrchestrationPolicyConfiguration::AVAILABLE_POLICY_TYPES.include?(policy[:type].to_sym) !Security::OrchestrationPolicyConfiguration::AVAILABLE_POLICY_TYPES.include?(policy_type)
end end
def blank_branch_for_rule? def blank_branch_for_rule?
return false if policy_type == :scan_result_policy
policy[:rules].any? { |rule| rule[:clusters].blank? && rule[:branches].blank? } policy[:rules].any? { |rule| rule[:clusters].blank? && rule[:branches].blank? }
end end
...@@ -55,6 +57,10 @@ module Security ...@@ -55,6 +57,10 @@ module Security
repository.branch_names repository.branch_names
end end
end end
def policy_type
policy[:type].to_sym
end
end end
end end
end end
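Review bot: `blank_branch_for_rule?` now calls the new `policy_type` helper without the blank guard that `invalid_policy_type?` applies first, so a policy with no `:type` would raise `NoMethodError` from `nil.to_sym` unless the type check always runs earlier. The order in which the service calls these predicates is outside the hunk, so either state that dependency in a comment on `policy_type` or make the helper nil-safe with `policy[:type]&.to_sym`. The policy hash presumably comes from user-edited YAML, so the validator should return an `:error` result for malformed input rather than raise. A spec case with a missing type and missing branches would pin this behaviour.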
...@@ -76,13 +76,22 @@ RSpec.describe Security::SecurityOrchestrationPolicies::ValidatePolicyService do ...@@ -76,13 +76,22 @@ RSpec.describe Security::SecurityOrchestrationPolicies::ValidatePolicyService do
end end
context 'when branches are missing' do context 'when branches are missing' do
using RSpec::Parameterized::TableSyntax
let(:branches) { nil } let(:branches) { nil }
it { expect(result[:status]).to eq(:error) } where(:policy_type, :status, :message) do
it { expect(result[:message]).to eq('Policy cannot be enabled without branch information') } 'scan_result_policy' | :success | nil
'scan_execution_policy' | :error | 'Policy cannot be enabled without branch information'
end
with_them do
it { expect(result[:status]).to eq(status) }
it { expect(result[:message]).to eq(message) }
it_behaves_like 'checks only if policy is enabled' it_behaves_like 'checks only if policy is enabled'
end end
end
context 'when branches are provided' do context 'when branches are provided' do
let(:branches) { ['master'] } let(:branches) { ['master'] }
......