Merge branch '247935-update-dast-profiles-routes-create-routes' into 'master'

Create new DAST profiles routes Closes #247935 See merge request gitlab-org/gitlab!42600

Merge branch '247935-update-dast-profiles-routes-create-routes' into 'master'
Create new DAST profiles routes Closes #247935 See merge request gitlab-org/gitlab!42600
06debdcf · Miguel Rincon · 5ee505e4 · b7c2645a · 06debdcf · 06debdcf
Commit 06debdcf authored Sep 21, 2020 by Miguel Rincon
25 changed files
--- a/ee/app/assets/javascripts/pages/projects/security/dast_profiles/index.js
+++ b/ee/app/assets/javascripts/pages/projects/security/dast_profiles/index.js
+import initDastProfiles from 'ee/dast_profiles/dast_profiles_bundle';
+
+document.addEventListener('DOMContentLoaded', initDastProfiles);
--- a/ee/app/assets/javascripts/pages/projects/security/dast_scanner_profiles/edit/index.js
+++ b/ee/app/assets/javascripts/pages/projects/security/dast_scanner_profiles/edit/index.js
+import initDastScannerProfileForm from 'ee/dast_scanner_profiles/dast_scanner_profiles_bundle';
+
+document.addEventListener('DOMContentLoaded', initDastScannerProfileForm);
--- a/ee/app/assets/javascripts/pages/projects/security/dast_scanner_profiles/new/index.js
+++ b/ee/app/assets/javascripts/pages/projects/security/dast_scanner_profiles/new/index.js
+import initDastScannerProfileForm from 'ee/dast_scanner_profiles/dast_scanner_profiles_bundle';
+
+document.addEventListener('DOMContentLoaded', initDastScannerProfileForm);
--- a/ee/app/assets/javascripts/pages/projects/security/dast_site_profiles/edit/index.js
+++ b/ee/app/assets/javascripts/pages/projects/security/dast_site_profiles/edit/index.js
+import initDastSiteProfileForm from 'ee/dast_site_profiles_form';
+
+document.addEventListener('DOMContentLoaded', initDastSiteProfileForm);
--- a/ee/app/assets/javascripts/pages/projects/security/dast_site_profiles/new/index.js
+++ b/ee/app/assets/javascripts/pages/projects/security/dast_site_profiles/new/index.js
+import initDastSiteProfileForm from 'ee/dast_site_profiles_form';
+
+document.addEventListener('DOMContentLoaded', initDastSiteProfileForm);
--- a/ee/app/controllers/projects/dast_profiles_controller.rb
+++ b/ee/app/controllers/projects/dast_profiles_controller.rb
@@ -7,7 +7,7 @@ module Projects
      push_frontend_feature_flag(:security_on_demand_scans_scanner_profiles, project, default_enabled: true)
    end

-    def index
+    def show
    end
  end
 end
--- a/ee/app/controllers/projects/security/dast_profiles_controller.rb
+++ b/ee/app/controllers/projects/security/dast_profiles_controller.rb
+# frozen_string_literal: true
+
+module Projects
+  module Security
+    class DastProfilesController < Projects::ApplicationController
+      before_action :authorize_read_on_demand_scans!
+      before_action do
+        push_frontend_feature_flag(:security_on_demand_scans_scanner_profiles, project, default_enabled: true)
+      end
+
+      def show
+      end
+    end
+  end
+end
--- a/ee/app/controllers/projects/security/dast_scanner_profiles_controller.rb
+++ b/ee/app/controllers/projects/security/dast_scanner_profiles_controller.rb
+# frozen_string_literal: true
+
+module Projects
+  module Security
+    class DastScannerProfilesController < Projects::ApplicationController
+      before_action :authorize_read_on_demand_scans!
+
+      def new
+      end
+
+      def edit
+        @scanner_profile = @project
+          .dast_scanner_profiles
+          .find(params[:id])
+      end
+    end
+  end
+end
--- a/ee/app/controllers/projects/security/dast_site_profiles_controller.rb
+++ b/ee/app/controllers/projects/security/dast_site_profiles_controller.rb
+# frozen_string_literal: true
+
+module Projects
+  module Security
+    class DastSiteProfilesController < Projects::ApplicationController
+      before_action do
+        authorize_read_on_demand_scans!
+        push_frontend_feature_flag(:security_on_demand_scans_site_validation, @project)
+      end
+
+      def new
+      end
+
+      def edit
+        @site_profile = DastSiteProfilesFinder.new(project_id: @project.id, id: params[:id]).execute.first! # rubocop: disable CodeReuse/ActiveRecord
+      end
+    end
+  end
+end
--- a/ee/app/views/projects/dast_profiles/index.html.haml
+++ b/ee/app/views/projects/dast_profiles/index.html.haml
--- a/ee/app/views/projects/security/dast_profiles/show.html.haml
+++ b/ee/app/views/projects/security/dast_profiles/show.html.haml
+- add_to_breadcrumbs _('Security Configuration'), project_security_configuration_path(@project)
+- breadcrumb_title s_('DastProfiles|Manage profiles')
+- page_title s_('DastProfiles|Manage profiles')
+
+.js-dast-profiles{ data: { new_dast_site_profile_path: new_project_security_configuration_dast_profiles_dast_site_profile_path(@project),
+  new_dast_scanner_profile_path: new_project_security_configuration_dast_profiles_dast_scanner_profile_path(@project),
+  project_full_path: @project.path_with_namespace } }
--- a/ee/app/views/projects/security/dast_scanner_profiles/edit.html.haml
+++ b/ee/app/views/projects/security/dast_scanner_profiles/edit.html.haml
+- add_to_breadcrumbs _('Security Configuration'), project_security_configuration_path(@project)
+- add_to_breadcrumbs s_('DastProfiles|Manage profiles'), project_security_configuration_dast_profiles_path(@project, anchor: 'scanner-profiles')
+- breadcrumb_title s_('DastProfiles|Edit scanner profile')
+- page_title s_('DastProfiles|Edit scanner profile')
+
+.js-dast-scanner-profile-form{ data: { project_full_path: @project.path_with_namespace,
+profiles_library_path: project_security_configuration_dast_profiles_path(@project, anchor: 'scanner-profiles'),
+scanner_profile: { id: @scanner_profile.to_global_id.to_s, name: @scanner_profile.name, spider_timeout: @scanner_profile.spider_timeout, target_timeout: @scanner_profile.target_timeout }.to_json } }
--- a/ee/app/views/projects/security/dast_scanner_profiles/new.html.haml
+++ b/ee/app/views/projects/security/dast_scanner_profiles/new.html.haml
+- add_to_breadcrumbs _('Security Configuration'), project_security_configuration_path(@project)
+- add_to_breadcrumbs s_('DastProfiles|Manage profiles'), project_security_configuration_dast_profiles_path(@project, anchor: 'scanner-profiles')
+- breadcrumb_title s_('DastProfiles|New scanner profile')
+- page_title s_('DastProfiles|New scanner profile')
+
+.js-dast-scanner-profile-form{ data: { project_full_path: @project.path_with_namespace,
+profiles_library_path: project_security_configuration_dast_profiles_path(@project, anchor: 'scanner-profiles') } }
--- a/ee/app/views/projects/security/dast_site_profiles/edit.html.haml
+++ b/ee/app/views/projects/security/dast_site_profiles/edit.html.haml
+- add_to_breadcrumbs _('Security Configuration'), project_security_configuration_path(@project)
+- add_to_breadcrumbs s_('DastProfiles|Manage profiles'), project_security_configuration_dast_profiles_path(@project, anchor: 'site-profiles')
+- breadcrumb_title s_('DastProfiles|Edit site profile')
+- page_title s_('DastProfiles|Edit site profile')
+
+.js-dast-site-profile-form{ data: { full_path: @project.path_with_namespace,
+profiles_library_path: project_security_configuration_dast_profiles_path(@project, anchor: 'site-profiles'),
+site_profile: { id: @site_profile.to_global_id.to_s, name: @site_profile.name, target_url: @site_profile.dast_site.url }.to_json } }
--- a/ee/app/views/projects/security/dast_site_profiles/new.html.haml
+++ b/ee/app/views/projects/security/dast_site_profiles/new.html.haml
+- add_to_breadcrumbs _('Security Configuration'), project_security_configuration_path(@project)
+- add_to_breadcrumbs s_('DastProfiles|Manage profiles'), project_security_configuration_dast_profiles_path(@project, anchor: 'site-profiles')
+- breadcrumb_title s_('DastProfiles|New site profile')
+- page_title s_('DastProfiles|New site profile')
+
+.js-dast-site-profile-form{ data: { full_path: @project.path_with_namespace,
+profiles_library_path: project_security_configuration_dast_profiles_path(@project, anchor: 'site-profiles') } }
--- a/ee/config/routes/project.rb
+++ b/ee/config/routes/project.rb
@@ -59,6 +59,10 @@ constraints(::Constraints::ProjectUrlConstrainer.new) do
          resource :configuration, only: [:show], controller: :configuration do
            post :auto_fix, on: :collection
            resource :sast, only: [:show, :create], controller: :sast_configuration
+            resource :dast_profiles, only: [:show], controller: :dast_profiles do
+              resources :dast_site_profiles, only: [:new, :edit]
+              resources :dast_scanner_profiles, only: [:new, :edit]
+            end
          end

          resource :discover, only: [:show], controller: :discover
@@ -93,7 +97,7 @@ constraints(::Constraints::ProjectUrlConstrainer.new) do
        scope :on_demand_scans do
          root 'on_demand_scans#index', as: 'on_demand_scans'
          scope :profiles do
-            root 'dast_profiles#index', as: 'profiles'
+            root 'dast_profiles#show', as: 'profiles'
            resources :dast_site_profiles, only: [:new, :edit]
            resources :dast_scanner_profiles, only: [:new, :edit]
          end

--- a/ee/spec/requests/projects/security/dast_profiles_controller_spec.rb
+++ b/ee/spec/requests/projects/security/dast_profiles_controller_spec.rb
+# frozen_string_literal: true
+
+require 'spec_helper'
+
+RSpec.describe Projects::Security::DastProfilesController, type: :request do
+  let(:project) { create(:project) }
+  let(:user) { create(:user) }
+
+  describe 'GET #index' do
+    context 'feature available' do
+      before do
+        stub_feature_flags(security_on_demand_scans_feature_flag: true)
+        stub_licensed_features(security_on_demand_scans: true)
+      end
+
+      context 'user authorized' do
+        before do
+          project.add_developer(user)
+
+          login_as(user)
+        end
+
+        it 'can access page' do
+          get project_security_configuration_dast_profiles_path(project)
+
+          expect(response).to have_gitlab_http_status(:ok)
+        end
+      end
+
+      context 'user not authorized' do
+        before do
+          project.add_guest(user)
+
+          login_as(user)
+        end
+
+        it 'sees a 404 error' do
+          get project_security_configuration_dast_profiles_path(project)
+
+          expect(response).to have_gitlab_http_status(:not_found)
+        end
+      end
+    end
+
+    context 'feature not available' do
+      before do
+        project.add_developer(user)
+
+        login_as(user)
+      end
+
+      context 'feature flag is disabled' do
+        it 'sees a 404 error' do
+          stub_feature_flags(security_on_demand_scans_feature_flag: false)
+          stub_licensed_features(security_on_demand_scans: true)
+          get project_security_configuration_dast_profiles_path(project)
+
+          expect(response).to have_gitlab_http_status(:not_found)
+        end
+      end
+
+      context 'license doesnt\'t support the feature' do
+        it 'sees a 404 error' do
+          stub_feature_flags(security_on_demand_scans_feature_flag: true)
+          stub_licensed_features(security_on_demand_scans: false)
+          get project_security_configuration_dast_profiles_path(project)
+
+          expect(response).to have_gitlab_http_status(:not_found)
+        end
+      end
+    end
+  end
+end
--- a/ee/spec/requests/projects/security/dast_scanner_profiles_controller_spec.rb
+++ b/ee/spec/requests/projects/security/dast_scanner_profiles_controller_spec.rb
+# frozen_string_literal: true
+
+require 'spec_helper'
+
+RSpec.describe Projects::Security::DastScannerProfilesController, type: :request do
+  let_it_be(:project) { create(:project) }
+  let_it_be(:user) { create(:user) }
+  let_it_be(:dast_scanner_profile) { create(:dast_scanner_profile, project: project) }
+
+  shared_context 'on-demand scans feature available' do
+    before do
+      stub_feature_flags(security_on_demand_scans_feature_flag: true)
+      stub_licensed_features(security_on_demand_scans: true)
+    end
+  end
+
+  shared_context 'user authorized' do
+    before(:all) do
+      project.add_developer(user)
+    end
+
+    before do
+      login_as(user)
+    end
+  end
+
+  shared_examples 'a GET request' do
+    context 'feature available' do
+      include_context 'on-demand scans feature available'
+
+      context 'user authorized' do
+        include_context 'user authorized'
+
+        it 'can access page' do
+          get path
+
+          expect(response).to have_gitlab_http_status(:ok)
+        end
+      end
+
+      context 'user not authorized' do
+        before do
+          project.add_guest(user)
+
+          login_as(user)
+        end
+
+        it 'sees a 404 error' do
+          get path
+
+          expect(response).to have_gitlab_http_status(:not_found)
+        end
+      end
+    end
+
+    context 'feature not available' do
+      using RSpec::Parameterized::TableSyntax
+
+      include_context 'user authorized'
+
+      where(:feature_flag_enabled, :license_support) do
+        false | true
+        true  | false
+      end
+
+      with_them do
+        it 'sees a 404 error' do
+          stub_feature_flags(security_on_demand_scans_feature_flag: feature_flag_enabled)
+          stub_licensed_features(security_on_demand_scans: license_support)
+          get path
+
+          expect(response).to have_gitlab_http_status(:not_found)
+        end
+      end
+    end
+  end
+
+  describe 'GET #new' do
+    it_behaves_like 'a GET request' do
+      let(:path) { new_project_security_configuration_dast_profiles_dast_scanner_profile_path(project) }
+    end
+  end
+
+  describe 'GET #edit' do
+    include_context 'user authorized'
+    include_context 'on-demand scans feature available'
+
+    let(:edit_path) { edit_project_security_configuration_dast_profiles_dast_scanner_profile_path(project, dast_scanner_profile) }
+
+    it_behaves_like 'a GET request' do
+      let(:path) { edit_path }
+    end
+
+    it 'sets scanner_profile' do
+      get edit_path
+      expect(assigns(:scanner_profile)).to eq(dast_scanner_profile)
+    end
+  end
+end
--- a/ee/spec/requests/projects/security/dast_site_profiles_controller_spec.rb
+++ b/ee/spec/requests/projects/security/dast_site_profiles_controller_spec.rb
+# frozen_string_literal: true
+
+require 'spec_helper'
+
+RSpec.describe Projects::Security::DastSiteProfilesController, type: :request do
+  let(:project) { create(:project) }
+  let(:user) { create(:user) }
+  let(:dast_site_profile) { create(:dast_site_profile, project: project) }
+
+  def with_feature_available
+    stub_feature_flags(security_on_demand_scans_feature_flag: true)
+    stub_licensed_features(security_on_demand_scans: true)
+  end
+
+  def with_user_authorized
+    project.add_developer(user)
+    login_as(user)
+  end
+
+  shared_examples 'a GET request' do
+    context 'feature available' do
+      before do
+        with_feature_available
+      end
+
+      context 'user authorized' do
+        before do
+          with_user_authorized
+        end
+
+        it 'can access page' do
+          get path
+
+          expect(response).to have_gitlab_http_status(:ok)
+        end
+      end
+
+      context 'user not authorized' do
+        before do
+          project.add_guest(user)
+
+          login_as(user)
+        end
+
+        it 'sees a 404 error' do
+          get path
+
+          expect(response).to have_gitlab_http_status(:not_found)
+        end
+      end
+    end
+
+    context 'feature not available' do
+      before do
+        with_user_authorized
+      end
+
+      context 'feature flag is disabled' do
+        it 'sees a 404 error' do
+          stub_feature_flags(security_on_demand_scans_feature_flag: false)
+          stub_licensed_features(security_on_demand_scans: true)
+          get path
+
+          expect(response).to have_gitlab_http_status(:not_found)
+        end
+      end
+
+      context 'license doesnt\'t support the feature' do
+        it 'sees a 404 error' do
+          stub_feature_flags(security_on_demand_scans_feature_flag: true)
+          stub_licensed_features(security_on_demand_scans: false)
+          get path
+
+          expect(response).to have_gitlab_http_status(:not_found)
+        end
+      end
+    end
+  end
+
+  describe 'GET #new' do
+    it_behaves_like 'a GET request' do
+      let(:path) { new_project_security_configuration_dast_profiles_dast_site_profile_path(project) }
+    end
+  end
+
+  describe 'GET #edit' do
+    let(:edit_path) { edit_project_security_configuration_dast_profiles_dast_site_profile_path(project, dast_site_profile) }
+
+    it_behaves_like 'a GET request' do
+      let(:path) { edit_path }
+    end
+  end
+end
--- a/ee/spec/views/projects/dast_profiles/index.html.haml_spec.rb
+++ b/ee/spec/views/projects/dast_profiles/index.html.haml_spec.rb
@@ -2,7 +2,7 @@

 require 'spec_helper'

-RSpec.describe "projects/dast_profiles/index", type: :view do
+RSpec.describe "projects/dast_profiles/show", type: :view do
  before do
    @project = create(:project)
    render

--- a/ee/spec/views/projects/security/dast_profiles/show.html.haml_spec.rb
+++ b/ee/spec/views/projects/security/dast_profiles/show.html.haml_spec.rb
+# frozen_string_literal: true
+
+require 'spec_helper'
+
+RSpec.describe "projects/security/dast_profiles/show", type: :view do
+  before do
+    @project = create(:project)
+    render
+  end
+
+  it 'renders Vue app root' do
+    expect(rendered).to have_selector('.js-dast-profiles')
+  end
+
+  it 'passes new dast site profile path' do
+    expect(rendered).to include '/security/configuration/dast_profiles/dast_site_profiles/new'
+  end
+
+  it 'passes new dast scanner profile path' do
+    expect(rendered).to include '/security/configuration/dast_profiles/dast_scanner_profiles/new'
+  end
+
+  it 'passes project\'s full path' do
+    expect(rendered).to include @project.path_with_namespace
+  end
+end
--- a/ee/spec/views/projects/security/dast_scanner_profiles/edit.html.haml_spec.rb
+++ b/ee/spec/views/projects/security/dast_scanner_profiles/edit.html.haml_spec.rb
+# frozen_string_literal: true
+
+require 'spec_helper'
+
+RSpec.describe "projects/security/dast_scanner_profiles/edit", type: :view do
+  let_it_be(:scanner_profile) { create(:dast_scanner_profile) }
+  let_it_be(:scanner_profile_gid) { ::URI::GID.parse("gid://gitlab/DastScannerProfile/#{scanner_profile.id}") }
+
+  before do
+    assign(:project, scanner_profile.project)
+    assign(:scanner_profile, scanner_profile)
+    assign(:scanner_profile_gid, scanner_profile_gid)
+    render
+  end
+
+  it 'renders Vue app root' do
+    expect(rendered).to have_selector('.js-dast-scanner-profile-form')
+  end
+
+  it 'passes project\'s full path' do
+    expect(rendered).to include scanner_profile.project.path_with_namespace
+  end
+
+  it 'passes DAST profiles library URL' do
+    expect(rendered).to include '/security/configuration/dast_profiles'
+  end
+
+  it 'passes DAST scanner profile\'s data' do
+    expect(rendered).to include scanner_profile_gid.to_s
+    expect(rendered).to include scanner_profile.name
+    expect(rendered).to include scanner_profile.spider_timeout.to_s
+    expect(rendered).to include scanner_profile.target_timeout.to_s
+  end
+end
--- a/ee/spec/views/projects/security/dast_scanner_profiles/new.html.haml_spec.rb
+++ b/ee/spec/views/projects/security/dast_scanner_profiles/new.html.haml_spec.rb
+# frozen_string_literal: true
+
+require 'spec_helper'
+
+RSpec.describe "projects/security/dast_scanner_profiles/new", type: :view do
+  before do
+    @project = create(:project)
+    render
+  end
+
+  it 'renders Vue app root' do
+    expect(rendered).to have_selector('.js-dast-scanner-profile-form')
+  end
+
+  it 'passes project\'s full path' do
+    expect(rendered).to include @project.path_with_namespace
+  end
+
+  it 'passes DAST profiles library URL' do
+    expect(rendered).to include '/security/configuration/dast_profiles#scanner-profiles'
+  end
+end
--- a/ee/spec/views/projects/security/dast_site_profiles/edit.html.haml_spec.rb
+++ b/ee/spec/views/projects/security/dast_site_profiles/edit.html.haml_spec.rb
+# frozen_string_literal: true
+
+require 'spec_helper'
+
+RSpec.describe "projects/security/dast_site_profiles/edit", type: :view do
+  let_it_be(:site_profile) { create(:dast_site_profile) }
+  let_it_be(:site_profile_gid) { ::URI::GID.parse("gid://gitlab/DastSiteProfile/#{site_profile.id}") }
+
+  before do
+    assign(:project, site_profile.project)
+    assign(:site_profile, site_profile)
+    assign(:site_profile_gid, site_profile_gid)
+    render
+  end
+
+  it 'renders Vue app root' do
+    expect(rendered).to have_selector('.js-dast-site-profile-form')
+  end
+
+  it 'passes project\'s full path' do
+    expect(rendered).to include site_profile.project.path_with_namespace
+  end
+
+  it 'passes DAST profiles library URL' do
+    expect(rendered).to include '/security/configuration/dast_profiles#site-profiles'
+  end
+
+  it 'passes DAST site profile\'s data' do
+    expect(rendered).to include site_profile_gid.to_s
+    expect(rendered).to include site_profile.name
+    expect(rendered).to include site_profile.dast_site.url
+  end
+end
--- a/ee/spec/views/projects/security/dast_site_profiles/new.html.haml_spec.rb
+++ b/ee/spec/views/projects/security/dast_site_profiles/new.html.haml_spec.rb
+# frozen_string_literal: true
+
+require 'spec_helper'
+
+RSpec.describe "projects/security/dast_site_profiles/new", type: :view do
+  before do
+    @project = create(:project)
+    render
+  end
+
+  it 'renders Vue app root' do
+    expect(rendered).to have_selector('.js-dast-site-profile-form')
+  end
+
+  it 'passes project\'s full path' do
+    expect(rendered).to include @project.path_with_namespace
+  end
+
+  it 'passes DAST profiles library URL' do
+    expect(rendered).to include '/security/configuration/dast_profiles#site-profiles'
+  end
+end