Use allowlist of allowed attributes for imported models (part 4)

ee/spec/lib/gitlab/import_export/attributes_permitter_spec.rb

@@ -14,6 +14,7 @@ RSpec.describe Gitlab::ImportExport::AttributesPermitter do
       :unprotect_access_levels | true
       :deploy_access_levels    | true
       :protected_environments  | true
+      :security_setting        | true
     end
 
     with_them do

lib/gitlab/import_export/project/import_export.yml

@@ -272,6 +272,49 @@ included_attributes:
     - :updated_at
     - :filepath
     - :link_type
+  container_expiration_policy:
+    - :created_at
+    - :updated_at
+    - :next_run_at
+    - :project_id
+    - :name_regex
+    - :cadence
+    - :older_than
+    - :keep_n
+    - :enabled
+    - :name_regex_keep
+  project_feature:
+    - :project_id
+    - :merge_requests_access_level
+    - :issues_access_level
+    - :wiki_access_level
+    - :snippets_access_level
+    - :builds_access_level
+    - :created_at
+    - :updated_at
+    - :repository_access_level
+    - :pages_access_level
+    - :forking_access_level
+    - :metrics_dashboard_access_level
+    - :operations_access_level
+    - :analytics_access_level
+    - :security_and_compliance_access_level
+    - :container_registry_access_level
+  prometheus_metrics:
+    - :created_at
+    - :updated_at
+    - :project_id
+    - :y_label
+    - :unit
+    - :legend
+    - :title
+    - :query
+    - :group
+    - :dashboard_path
+  service_desk_setting:
+    - :project_id
+    - :issue_template_key
+    - :project_key
 
 # Do not include the following attributes for the models specified.
 excluded_attributes:
@@ -656,4 +699,13 @@ ee:
       - :name
       - :created_at
       - :updated_at
-
+    project_feature:
+      - :requirements_access_level
+    security_setting:
+      - :project_id
+      - :created_at
+      - :updated_at
+      - :auto_fix_container_scanning
+      - :auto_fix_dast
+      - :auto_fix_dependency_scanning
+      - :auto_fix_sast

spec/lib/gitlab/import_export/attributes_permitter_spec.rb

@@ -81,24 +81,28 @@ RSpec.describe Gitlab::ImportExport::AttributesPermitter do
     let(:attributes_permitter) { described_class.new }
 
     where(:relation_name, :permitted_attributes_defined) do
-      :user                   | false
-      :author                 | false
-      :ci_cd_settings         | true
-      :metrics_setting        | true
-      :project_badges         | true
-      :pipeline_schedules     | true
-      :error_tracking_setting | true
-      :auto_devops            | true
-      :boards                 | true
-      :custom_attributes      | true
-      :labels                 | true
-      :protected_branches     | true
-      :protected_tags         | true
-      :create_access_levels   | true
-      :merge_access_levels    | true
-      :push_access_levels     | true
-      :releases               | true
-      :links                  | true
+      :user                        | false
+      :author                      | false
+      :ci_cd_settings              | true
+      :metrics_setting             | true
+      :project_badges              | true
+      :pipeline_schedules          | true
+      :error_tracking_setting      | true
+      :auto_devops                 | true
+      :boards                      | true
+      :custom_attributes           | true
+      :labels                      | true
+      :protected_branches          | true
+      :protected_tags              | true
+      :create_access_levels        | true
+      :merge_access_levels         | true
+      :push_access_levels          | true
+      :releases                    | true
+      :links                       | true
+      :container_expiration_policy | true
+      :project_feature             | true
+      :prometheus_metrics          | true
+      :service_desk_setting        | true
     end
 
     with_them do

spec/models/bulk_imports/file_transfer/project_config_spec.rb

@@ -80,7 +80,7 @@ RSpec.describe BulkImports::FileTransfer::ProjectConfig do
 
   describe '#tree_relation_definition_for' do
     it 'returns relation definition' do
-      expected = { service_desk_setting: { except: [:outgoing_name, :file_template_project_id], include: [] } }
+      expected = { service_desk_setting: { except: [:outgoing_name, :file_template_project_id], include: [], only: %i[project_id issue_template_key project_key] } }
 
       expect(subject.tree_relation_definition_for('service_desk_setting')).to eq(expected)
     end