Add rails app code for revocation API access

Add rails application configuration providing access to revocation API

Add rails app code for revocation API access
Add rails application configuration providing access to revocation API
b7d76560 · rossfuhrman · Mayra Cabrera · 96bb773e · b7d76560 · b7d76560
Commit b7d76560 authored Nov 09, 2020 by rossfuhrman Committed by Mayra Cabrera Nov 09, 2020
7 changed files
--- a/app/models/application_setting.rb
+++ b/app/models/application_setting.rb
@@ -415,6 +415,7 @@ class ApplicationSetting < ApplicationRecord
  attr_encrypted :slack_app_secret, encryption_options_base_truncated_aes_256_gcm
  attr_encrypted :slack_app_verification_token, encryption_options_base_truncated_aes_256_gcm
  attr_encrypted :ci_jwt_signing_key, encryption_options_base_truncated_aes_256_gcm
+  attr_encrypted :secret_detection_token_revocation_token, encryption_options_base_truncated_aes_256_gcm

  before_validation :ensure_uuid!


--- a/ee/app/helpers/ee/application_settings_helper.rb
+++ b/ee/app/helpers/ee/application_settings_helper.rb
@@ -58,6 +58,9 @@ module EE
        :pseudonymizer_enabled,
        :repository_size_limit,
        :seat_link_enabled,
+        :secret_detection_token_revocation_enabled,
+        :secret_detection_token_revocation_url,
+        :secret_detection_token_revocation_token,
        :shared_runners_minutes,
        :slack_app_enabled,
        :slack_app_id,

--- a/ee/app/models/ee/application_setting.rb
+++ b/ee/app/models/ee/application_setting.rb
@@ -147,6 +147,9 @@ module EE
          pseudonymizer_enabled: false,
          repository_size_limit: 0,
          seat_link_enabled: Settings.gitlab['seat_link_enabled'],
+          secret_detection_token_revocation_enabled: false,
+          secret_detection_token_revocation_url: nil,
+          secret_detection_token_revocation_token: nil,
          slack_app_enabled: false,
          slack_app_id: nil,
          slack_app_secret: nil,

--- a/ee/changelogs/unreleased/270208-app-code.yml
+++ b/ee/changelogs/unreleased/270208-app-code.yml
+---
+title: Add app code for secret detection token revocation
+merge_request: 46337
+author:
+type: added
--- a/ee/lib/ee/api/helpers/settings_helpers.rb
+++ b/ee/lib/ee/api/helpers/settings_helpers.rb
@@ -30,6 +30,11 @@ module EE
              optional :elasticsearch_project_ids, type: Array[Integer], coerce_with: ::API::Validations::Types::CommaSeparatedToIntegerArray.coerce, desc: 'The project ids to index with Elasticsearch.'
            end

+            optional :secret_detection_token_revocation_enabled, type: ::Grape::API::Boolean, desc: 'Enable Secret Detection Token Revocation'
+            given secret_detection_token_revocation_enabled: ->(val) { val } do
+              requires :secret_detection_token_revocation_url, type: String, desc: 'The configured Secret Detection Token Revocation instance URL'
+            end
+
            optional :email_additional_text, type: String, desc: 'Additional text added to the bottom of every email for legal/auditing/compliance reasons'
            optional :default_project_deletion_protection, type: Grape::API::Boolean, desc: 'Disable project owners ability to delete project'
            optional :deletion_adjourned_period, type: Integer, desc: 'Number of days between marking project as deleted and actual removal'

--- a/ee/spec/requests/api/settings_spec.rb
+++ b/ee/spec/requests/api/settings_spec.rb
@@ -67,6 +67,31 @@ RSpec.describe API::Settings, 'EE Settings' do
        expect(ElasticsearchIndexedProject.count).to eq(1)
      end
    end
+
+    context 'secret_detection_token_revocation_enabled is true' do
+      context 'secret_detection_token_revocation_url value is present' do
+        it 'updates secret_detection_token_revocation_url' do
+          put api('/application/settings', admin),
+            params: {
+              secret_detection_token_revocation_enabled: true,
+              secret_detection_token_revocation_url: 'https://example.com/secret_detection_token_revocation'
+            }
+
+          expect(response).to have_gitlab_http_status(:ok)
+          expect(json_response['secret_detection_token_revocation_enabled']).to be(true)
+          expect(json_response['secret_detection_token_revocation_url']).to eq('https://example.com/secret_detection_token_revocation')
+        end
+      end
+
+      context 'missing secret_detection_token_revocation_url value' do
+        it 'returns a blank parameter error message' do
+          put api('/application/settings', admin), params: { secret_detection_token_revocation_enabled: true }
+
+          expect(response).to have_gitlab_http_status(:bad_request)
+          expect(json_response['error']).to include('secret_detection_token_revocation_url is missing')
+        end
+      end
+    end
  end

  shared_examples 'settings for licensed features' do

--- a/spec/requests/api/settings_spec.rb
+++ b/spec/requests/api/settings_spec.rb
@@ -22,6 +22,7 @@ RSpec.describe API::Settings, 'Settings' do
      expect(json_response['default_ci_config_path']).to be_nil
      expect(json_response['sourcegraph_enabled']).to be_falsey
      expect(json_response['sourcegraph_url']).to be_nil
+      expect(json_response['secret_detection_token_revocation_url']).to be_nil
      expect(json_response['sourcegraph_public_only']).to be_truthy
      expect(json_response['default_project_visibility']).to be_a String
      expect(json_response['default_snippet_visibility']).to be_a String