Commit 096577ee authored by Mark Chao's avatar Mark Chao

Merge branch 'network-policy-editor-edit-route' into 'master'

Threat monitoring edit action

See merge request gitlab-org/gitlab!41040
parents b6ff71dd 91e92374
......@@ -3,11 +3,27 @@
module Projects
class ThreatMonitoringController < Projects::ApplicationController
before_action :authorize_read_threat_monitoring!
before_action :verify_network_policy_editor_flag!, only: :new
before_action :verify_network_policy_editor_flag!, only: [:new, :edit]
before_action do
push_frontend_feature_flag(:network_policy_editor, project)
end
def edit
environment = project.environments.find(params[:environment_id])
@policy_name = params[:id]
response = NetworkPolicies::FindResourceService.new(
resource_name: @policy_name,
environment: environment,
kind: Gitlab::Kubernetes::CiliumNetworkPolicy::KIND
).execute
if response.success?
@policy = response.payload
else
render_404
end
end
private
def verify_network_policy_editor_flag!
......
# frozen_string_literal: true
module NetworkPolicies
class FindResourceService
include NetworkPolicies::Responses
def initialize(resource_name:, environment:, kind: Gitlab::Kubernetes::NetworkPolicy::KIND)
@resource_name = resource_name
@platform = environment.deployment_platform
@kubernetes_namespace = environment.deployment_namespace
@kind = kind
end
def execute
return no_platform_response unless @platform
ServiceResponse.success(payload: get_policy)
rescue Kubeclient::HttpError => e
kubernetes_error_response(e)
end
private
def get_policy
client = @platform.kubeclient
if @kind == Gitlab::Kubernetes::CiliumNetworkPolicy::KIND
resource = client.get_cilium_network_policy(@resource_name, @kubernetes_namespace)
Gitlab::Kubernetes::CiliumNetworkPolicy.from_resource(resource)
else
resource = client.get_network_policy(@resource_name, @kubernetes_namespace)
Gitlab::Kubernetes::NetworkPolicy.from_resource(resource)
end
end
end
end
- add_to_breadcrumbs s_("ThreatMonitoring|Threat Monitoring"), project_threat_monitoring_path(@project)
- breadcrumb_title @policy_name
- page_title s_("NetworkPolicies|Policy editor")
#js-policy-builder-app{ data: { network_policies_endpoint: project_security_network_policies_path(@project),
environments_endpoint: project_environments_path(@project),
threat_monitoring_path: project_threat_monitoring_path(@project),
policy: @policy.to_json,
} }
......@@ -34,7 +34,7 @@ constraints(::Constraints::ProjectUrlConstrainer.new) do
resources :subscriptions, only: [:create, :destroy]
resource :threat_monitoring, only: [:show], controller: :threat_monitoring do
resources :policies, only: [:new], controller: :threat_monitoring
resources :policies, only: [:new, :edit], controller: :threat_monitoring
end
resources :protected_environments, only: [:create, :update, :destroy], constraints: { id: /\d+/ } do
......
......@@ -100,7 +100,7 @@ RSpec.describe Projects::ThreatMonitoringController do
stub_feature_flags(network_policy_editor: true)
end
it 'renders the show template' do
it 'renders the new template' do
subject
expect(response).to have_gitlab_http_status(:ok)
......@@ -149,4 +149,125 @@ RSpec.describe Projects::ThreatMonitoringController do
end
end
end
describe 'GET edit' do
subject do
get :edit, params: { namespace_id: project.namespace, project_id: project, id: 'policy', environment_id: environment_id }
end
let_it_be(:environment) { create(:environment, :with_review_app, project: project) }
let(:environment_id) { environment.id }
context 'with authorized user' do
before do
project.add_developer(user)
sign_in(user)
end
context 'when feature is available' do
before do
stub_licensed_features(threat_monitoring: true)
end
context 'and feature flag is disabled' do
before do
stub_feature_flags(network_policy_editor: false)
end
it 'returns 404' do
subject
expect(response).to have_gitlab_http_status(:not_found)
end
end
context 'and feature flag is enabled' do
let(:service) { instance_double('NetworkPolicies::FindResourceService', execute: ServiceResponse.success(payload: policy)) }
let(:policy) do
Gitlab::Kubernetes::CiliumNetworkPolicy.new(
name: 'policy',
namespace: 'another',
selector: { matchLabels: { role: 'db' } },
ingress: [{ from: [{ namespaceSelector: { matchLabels: { project: 'myproject' } } }] }]
)
end
before do
stub_feature_flags(network_policy_editor: true)
allow(NetworkPolicies::FindResourceService).to(
receive(:new)
.with(resource_name: 'policy', environment: environment, kind: Gitlab::Kubernetes::CiliumNetworkPolicy::KIND)
.and_return(service)
)
end
it 'renders the new template' do
subject
expect(response).to have_gitlab_http_status(:ok)
expect(response).to render_template(:edit)
end
context 'when environment is missing' do
let(:environment_id) { 'missing' }
it 'returns 404' do
subject
expect(response).to have_gitlab_http_status(:not_found)
end
end
context 'when service failed' do
let(:service) { instance_double('NetworkPolicies::FindResourceService', execute: ServiceResponse.error(message: 'error')) }
it 'returns 404' do
subject
expect(response).to have_gitlab_http_status(:not_found)
end
end
end
end
context 'when feature is not available' do
before do
stub_licensed_features(threat_monitoring: false)
end
it 'returns 404' do
subject
expect(response).to have_gitlab_http_status(:not_found)
end
end
end
context 'with unauthorized user' do
before do
sign_in(user)
end
context 'when feature is available' do
before do
stub_licensed_features(threat_monitoring: true)
end
it 'returns 404' do
subject
expect(response).to have_gitlab_http_status(:not_found)
end
end
end
context 'with anonymous user' do
it 'returns 302' do
subject
expect(response).to have_gitlab_http_status(:found)
expect(response).to redirect_to(new_user_session_path)
end
end
end
end
# frozen_string_literal: true
require 'spec_helper'
RSpec.describe NetworkPolicies::FindResourceService do
let(:service) { described_class.new(resource_name: 'policy', environment: environment, kind: kind) }
let(:environment) { instance_double('Environment', deployment_platform: platform, deployment_namespace: 'namespace') }
let(:platform) { instance_double('Clusters::Platforms::Kubernetes', kubeclient: kubeclient) }
let(:kubeclient) { double('Kubeclient::Client') }
let(:policy) do
Gitlab::Kubernetes::NetworkPolicy.new(
name: 'policy',
namespace: 'another',
selector: { matchLabels: { role: 'db' } },
ingress: [{ from: [{ namespaceSelector: { matchLabels: { project: 'myproject' } } }] }]
)
end
let(:kind) { Gitlab::Kubernetes::NetworkPolicy::KIND }
describe '#execute' do
subject { service.execute }
it 'returns success response with a requested policy' do
expect(kubeclient).to(
receive(:get_network_policy)
.with('policy', environment.deployment_namespace) { policy.generate }
)
expect(subject).to be_success
expect(subject.payload.as_json).to eq(policy.as_json)
end
context 'with CiliumNetworkPolicy kind' do
let(:kind) { Gitlab::Kubernetes::CiliumNetworkPolicy::KIND }
let(:policy) do
Gitlab::Kubernetes::CiliumNetworkPolicy.new(
name: 'policy',
namespace: 'another',
selector: { matchLabels: { role: 'db' } },
ingress: [{ from: [{ namespaceSelector: { matchLabels: { project: 'myproject' } } }] }]
)
end
it 'returns success response with a requested policy' do
expect(kubeclient).to(
receive(:get_cilium_network_policy)
.with('policy', environment.deployment_namespace) { policy.generate }
)
expect(subject).to be_success
expect(subject.payload.as_json).to eq(policy.as_json)
end
end
context 'without deployment_platform' do
let(:platform) { nil }
it 'returns error response' do
expect(subject).to be_error
expect(subject.http_status).to eq(:bad_request)
expect(subject.message).not_to be_nil
end
end
context 'with Kubeclient::HttpError' do
before do
allow(kubeclient).to receive(:get_network_policy).and_raise(Kubeclient::HttpError.new(500, 'system failure', nil))
end
it 'returns error response' do
expect(subject).to be_error
expect(subject.http_status).to eq(:bad_request)
expect(subject.message).not_to be_nil
end
end
end
end
......@@ -9,7 +9,7 @@ module Gitlab
API_VERSION = "cilium.io/v2"
KIND = 'CiliumNetworkPolicy'
def initialize(name:, namespace:, selector:, ingress:, resource_version:, labels: nil, creation_timestamp: nil, egress: nil)
def initialize(name:, namespace:, selector:, ingress:, resource_version: nil, labels: nil, creation_timestamp: nil, egress: nil)
@name = name
@namespace = namespace
@labels = labels
......
......@@ -92,6 +92,7 @@ module Gitlab
# group client
delegate :create_network_policy,
:get_network_policies,
:get_network_policy,
:update_network_policy,
:delete_network_policy,
to: :networking_client
......@@ -100,6 +101,7 @@ module Gitlab
# group client
delegate :create_cilium_network_policy,
:get_cilium_network_policies,
:get_cilium_network_policy,
:update_cilium_network_policy,
:delete_cilium_network_policy,
to: :cilium_networking_client
......
......@@ -376,6 +376,7 @@ RSpec.describe Gitlab::Kubernetes::KubeClient do
[
:create_network_policy,
:get_network_policies,
:get_network_policy,
:update_network_policy,
:delete_network_policy
].each do |method|
......@@ -400,6 +401,7 @@ RSpec.describe Gitlab::Kubernetes::KubeClient do
[
:create_cilium_network_policy,
:get_cilium_network_policies,
:get_cilium_network_policy,
:update_cilium_network_policy,
:delete_cilium_network_policy
].each do |method|
......
Markdown is supported
0%
or
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment