Merge branch '215668-settings-auto-fix' into 'master'

Add model for auto-fix settings

See merge request gitlab-org/gitlab!32577

changelogs/unreleased/215668-settings-auto-fix.yml

+---
+title: Add model for project level security auto-fix settings
+merge_request: 32577
+author:
+type: added

db/migrate/20200604143628_create_project_security_settings.rb

+# frozen_string_literal: true
+
+class CreateProjectSecuritySettings < ActiveRecord::Migration[6.0]
+  include Gitlab::Database::MigrationHelpers
+
+  DOWNTIME = false
+
+  def up
+    with_lock_retries do
+      create_table :project_security_settings, id: false do |t|
+        t.references :project, primary_key: true, index: false, foreign_key: { on_delete: :cascade }
+        t.timestamps_with_timezone
+
+        t.boolean :auto_fix_container_scanning, default: true, null: false
+        t.boolean :auto_fix_dast, default: true, null: false
+        t.boolean :auto_fix_dependency_scanning, default: true, null: false
+        t.boolean :auto_fix_sast, default: true, null: false
+      end
+    end
+  end
+
+  def down
+    with_lock_retries do
+      drop_table :project_security_settings
+    end
+  end
+end

db/structure.sql

@@ -5316,6 +5316,25 @@ CREATE SEQUENCE public.project_repository_storage_moves_id_seq
 
 ALTER SEQUENCE public.project_repository_storage_moves_id_seq OWNED BY public.project_repository_storage_moves.id;
 
+CREATE TABLE public.project_security_settings (
+    project_id bigint NOT NULL,
+    created_at timestamp with time zone NOT NULL,
+    updated_at timestamp with time zone NOT NULL,
+    auto_fix_container_scanning boolean DEFAULT true NOT NULL,
+    auto_fix_dast boolean DEFAULT true NOT NULL,
+    auto_fix_dependency_scanning boolean DEFAULT true NOT NULL,
+    auto_fix_sast boolean DEFAULT true NOT NULL
+);
+
+CREATE SEQUENCE public.project_security_settings_project_id_seq
+    START WITH 1
+    INCREMENT BY 1
+    NO MINVALUE
+    NO MAXVALUE
+    CACHE 1;
+
+ALTER SEQUENCE public.project_security_settings_project_id_seq OWNED BY public.project_security_settings.project_id;
+
 CREATE TABLE public.project_settings (
     project_id integer NOT NULL,
     created_at timestamp with time zone NOT NULL,
@@ -7822,6 +7841,8 @@ ALTER TABLE ONLY public.project_repository_states ALTER COLUMN id SET DEFAULT ne
 
 ALTER TABLE ONLY public.project_repository_storage_moves ALTER COLUMN id SET DEFAULT nextval('public.project_repository_storage_moves_id_seq'::regclass);
 
+ALTER TABLE ONLY public.project_security_settings ALTER COLUMN project_id SET DEFAULT nextval('public.project_security_settings_project_id_seq'::regclass);
+
 ALTER TABLE ONLY public.project_statistics ALTER COLUMN id SET DEFAULT nextval('public.project_statistics_id_seq'::regclass);
 
 ALTER TABLE ONLY public.project_tracing_settings ALTER COLUMN id SET DEFAULT nextval('public.project_tracing_settings_id_seq'::regclass);
@@ -8748,6 +8769,9 @@ ALTER TABLE ONLY public.project_repository_states
 ALTER TABLE ONLY public.project_repository_storage_moves
     ADD CONSTRAINT project_repository_storage_moves_pkey PRIMARY KEY (id);
 
+ALTER TABLE ONLY public.project_security_settings
+    ADD CONSTRAINT project_security_settings_pkey PRIMARY KEY (project_id);
+
 ALTER TABLE ONLY public.project_settings
     ADD CONSTRAINT project_settings_pkey PRIMARY KEY (project_id);
 
@@ -12711,6 +12735,9 @@ ALTER TABLE ONLY public.ci_daily_report_results
 ALTER TABLE ONLY public.cluster_providers_aws
     ADD CONSTRAINT fk_rails_ed1fdfaeb2 FOREIGN KEY (created_by_user_id) REFERENCES public.users(id) ON DELETE SET NULL;
 
+ALTER TABLE ONLY public.project_security_settings
+    ADD CONSTRAINT fk_rails_ed4abe1338 FOREIGN KEY (project_id) REFERENCES public.projects(id) ON DELETE CASCADE;
+
 ALTER TABLE ONLY public.ci_daily_build_group_report_results
     ADD CONSTRAINT fk_rails_ee072d13b3 FOREIGN KEY (last_pipeline_id) REFERENCES public.ci_pipelines(id) ON DELETE CASCADE;
 
@@ -13806,5 +13833,6 @@ COPY "schema_migrations" (version) FROM STDIN;
 20200528171933
 20200601210148
 20200603073101
+20200604143628
 \.
 

ee/app/models/ee/project.rb

@@ -46,6 +46,7 @@ module EE
       has_one :feature_usage, class_name: 'ProjectFeatureUsage'
       has_one :status_page_setting, inverse_of: :project, class_name: 'StatusPage::ProjectSetting'
       has_one :compliance_framework_setting, class_name: 'ComplianceManagement::ComplianceFramework::ProjectSettings', inverse_of: :project
+      has_one :security_setting, class_name: 'ProjectSecuritySetting'
 
       has_many :approvers, as: :target, dependent: :destroy # rubocop:disable Cop/ActiveRecordDependent
       has_many :approver_users, through: :approvers, source: :user

ee/app/models/project_security_setting.rb

+# frozen_string_literal: true
+#
+class ProjectSecuritySetting < ApplicationRecord
+  self.primary_key = :project_id
+
+  belongs_to :project, inverse_of: :security_setting
+end

ee/lib/ee/gitlab/import_export/project/relation_factory.rb

@@ -9,7 +9,8 @@ module EE
 
           EE_OVERRIDES = {
             deploy_access_levels: 'ProtectedEnvironment::DeployAccessLevel',
-            unprotect_access_levels: 'ProtectedBranch::UnprotectAccessLevel'
+            unprotect_access_levels: 'ProtectedBranch::UnprotectAccessLevel',
+            security_setting: 'ProjectSecuritySetting'
           }.freeze
 
           class_methods do

ee/spec/factories/project_security_settings.rb

+# frozen_string_literal: true
+
+FactoryBot.define do
+  factory :project_security_setting do
+    project
+  end
+end

ee/spec/models/project_security_setting_spec.rb

+# frozen_string_literal: true
+
+require 'spec_helper'
+
+describe ProjectSecuritySetting do
+  subject { create(:project_security_setting) }
+
+  describe 'associations' do
+    it { is_expected.to belong_to(:project) }
+  end
+end

ee/spec/models/project_spec.rb

@@ -27,6 +27,7 @@ RSpec.describe Project do
     it { is_expected.to have_one(:repository_state).class_name('ProjectRepositoryState').inverse_of(:project) }
     it { is_expected.to have_one(:status_page_setting).class_name('StatusPage::ProjectSetting') }
     it { is_expected.to have_one(:compliance_framework_setting).class_name('ComplianceManagement::ComplianceFramework::ProjectSettings') }
+    it { is_expected.to have_one(:security_setting).class_name('ProjectSecuritySetting') }
 
     it { is_expected.to have_many(:path_locks) }
     it { is_expected.to have_many(:vulnerability_feedback) }

lib/gitlab/import_export/project/import_export.yml

@@ -397,3 +397,4 @@ ee:
       - protected_environments:
         - :deploy_access_levels
       - :service_desk_setting
+      - :security_setting

spec/lib/gitlab/import_export/all_models.yml

@@ -481,6 +481,7 @@ project:
 - upstream_project_subscriptions
 - downstream_project_subscriptions
 - service_desk_setting
+- security_setting
 - import_failures
 - container_expiration_policy
 - resource_groups

spec/lib/gitlab/import_export/import_test_coverage_spec.rb

@@ -51,6 +51,7 @@ describe 'Test coverage of the Project Import' do
       project.metrics_setting
       project.boards.lists.label.priorities
       project.service_desk_setting
+      project.security_setting
     ].freeze
   end
 

spec/lib/gitlab/import_export/safe_model_attributes.yml

@@ -864,3 +864,11 @@ SystemNoteMetadata:
   - action
   - created_at
   - updated_at
+ProjectSecuritySetting:
+  - project_id
+  - auto_fix_container_scanning
+  - auto_fix_dast
+  - auto_fix_dependency_scanning
+  - auto_fix_sast
+  - created_at
+  - updated_at