Merge branch '270208-app-code' into 'master'

Add rails app code for revocation API access See merge request gitlab-org/gitlab!46337

Merge branch '270208-app-code' into 'master'
Add rails app code for revocation API access See merge request gitlab-org/gitlab!46337
77a55ca5 · Mayra Cabrera · 48717575 · b7d76560 · 77a55ca5 · 77a55ca5
Commit 77a55ca5 authored Nov 09, 2020 by Mayra Cabrera
7 changed files
--- a/app/models/application_setting.rb
+++ b/app/models/application_setting.rb
@@ -415,6 +415,7 @@ class ApplicationSetting < ApplicationRecord
  attr_encrypted :slack_app_secret, encryption_options_base_truncated_aes_256_gcm
  attr_encrypted :slack_app_verification_token, encryption_options_base_truncated_aes_256_gcm
  attr_encrypted :ci_jwt_signing_key, encryption_options_base_truncated_aes_256_gcm
+  attr_encrypted :secret_detection_token_revocation_token, encryption_options_base_truncated_aes_256_gcm

  before_validation :ensure_uuid!


--- a/ee/app/helpers/ee/application_settings_helper.rb
+++ b/ee/app/helpers/ee/application_settings_helper.rb
@@ -58,6 +58,9 @@ module EE
        :pseudonymizer_enabled,
        :repository_size_limit,
        :seat_link_enabled,
+        :secret_detection_token_revocation_enabled,
+        :secret_detection_token_revocation_url,
+        :secret_detection_token_revocation_token,
        :shared_runners_minutes,
        :slack_app_enabled,
        :slack_app_id,

--- a/ee/app/models/ee/application_setting.rb
+++ b/ee/app/models/ee/application_setting.rb
@@ -147,6 +147,9 @@ module EE
          pseudonymizer_enabled: false,
          repository_size_limit: 0,
          seat_link_enabled: Settings.gitlab['seat_link_enabled'],
+          secret_detection_token_revocation_enabled: false,
+          secret_detection_token_revocation_url: nil,
+          secret_detection_token_revocation_token: nil,
          slack_app_enabled: false,
          slack_app_id: nil,
          slack_app_secret: nil,

--- a/ee/changelogs/unreleased/270208-app-code.yml
+++ b/ee/changelogs/unreleased/270208-app-code.yml
+---
+title: Add app code for secret detection token revocation
+merge_request: 46337
+author:
+type: added
--- a/ee/lib/ee/api/helpers/settings_helpers.rb
+++ b/ee/lib/ee/api/helpers/settings_helpers.rb
@@ -30,6 +30,11 @@ module EE
              optional :elasticsearch_project_ids, type: Array[Integer], coerce_with: ::API::Validations::Types::CommaSeparatedToIntegerArray.coerce, desc: 'The project ids to index with Elasticsearch.'
            end

+            optional :secret_detection_token_revocation_enabled, type: ::Grape::API::Boolean, desc: 'Enable Secret Detection Token Revocation'
+            given secret_detection_token_revocation_enabled: ->(val) { val } do
+              requires :secret_detection_token_revocation_url, type: String, desc: 'The configured Secret Detection Token Revocation instance URL'
+            end
+
            optional :email_additional_text, type: String, desc: 'Additional text added to the bottom of every email for legal/auditing/compliance reasons'
            optional :default_project_deletion_protection, type: Grape::API::Boolean, desc: 'Disable project owners ability to delete project'
            optional :deletion_adjourned_period, type: Integer, desc: 'Number of days between marking project as deleted and actual removal'

--- a/ee/spec/requests/api/settings_spec.rb
+++ b/ee/spec/requests/api/settings_spec.rb
@@ -67,6 +67,31 @@ RSpec.describe API::Settings, 'EE Settings' do
        expect(ElasticsearchIndexedProject.count).to eq(1)
      end
    end
+
+    context 'secret_detection_token_revocation_enabled is true' do
+      context 'secret_detection_token_revocation_url value is present' do
+        it 'updates secret_detection_token_revocation_url' do
+          put api('/application/settings', admin),
+            params: {
+              secret_detection_token_revocation_enabled: true,
+              secret_detection_token_revocation_url: 'https://example.com/secret_detection_token_revocation'
+            }
+
+          expect(response).to have_gitlab_http_status(:ok)
+          expect(json_response['secret_detection_token_revocation_enabled']).to be(true)
+          expect(json_response['secret_detection_token_revocation_url']).to eq('https://example.com/secret_detection_token_revocation')
+        end
+      end
+
+      context 'missing secret_detection_token_revocation_url value' do
+        it 'returns a blank parameter error message' do
+          put api('/application/settings', admin), params: { secret_detection_token_revocation_enabled: true }
+
+          expect(response).to have_gitlab_http_status(:bad_request)
+          expect(json_response['error']).to include('secret_detection_token_revocation_url is missing')
+        end
+      end
+    end
  end

  shared_examples 'settings for licensed features' do

--- a/spec/requests/api/settings_spec.rb
+++ b/spec/requests/api/settings_spec.rb
@@ -22,6 +22,7 @@ RSpec.describe API::Settings, 'Settings' do
      expect(json_response['default_ci_config_path']).to be_nil
      expect(json_response['sourcegraph_enabled']).to be_falsey
      expect(json_response['sourcegraph_url']).to be_nil
+      expect(json_response['secret_detection_token_revocation_url']).to be_nil
      expect(json_response['sourcegraph_public_only']).to be_truthy
      expect(json_response['default_project_visibility']).to be_a String
      expect(json_response['default_snippet_visibility']).to be_a String