Merge branch 'enhance_validation_to_consider_scan_result_policy' into 'master'

Enhance policy validation to consider scan result See merge request gitlab-org/gitlab!80555

Merge branch 'enhance_validation_to_consider_scan_result_policy' into 'master'
Enhance policy validation to consider scan result See merge request gitlab-org/gitlab!80555
147cbea4 · Paul Slaughter · a0a98716 · 4504a7f9 · 147cbea4 · 147cbea4
Commit 147cbea4 authored Feb 16, 2022 by Paul Slaughter
3 changed files
--- a/ee/app/assets/javascripts/threat_monitoring/components/policy_editor/utils.js
+++ b/ee/app/assets/javascripts/threat_monitoring/components/policy_editor/utils.js
@@ -71,7 +71,7 @@ const updatePolicy = async ({
 };
 /**
- * Updates the assigned security policy project's policy file with the new policy yaml or creates one (project or file) if one does not exist
+ * Updates the assigned security policy project's policy file with the new policy yaml or creates one file if one does not exist
 * @param {Object} payload contains the currently assigned security policy project (if one exists), the path to the project, and the policy yaml value
 * @returns {Object} contains the currently assigned security policy project and the created merge request
 */

--- a/ee/app/services/security/security_orchestration_policies/validate_policy_service.rb
+++ b/ee/app/services/security/security_orchestration_policies/validate_policy_service.rb
@@ -22,10 +22,12 @@ module Security
      def invalid_policy_type?
        return true if policy[:type].blank?
-        !Security::OrchestrationPolicyConfiguration::AVAILABLE_POLICY_TYPES.include?(policy[:type].to_sym)
+        !Security::OrchestrationPolicyConfiguration::AVAILABLE_POLICY_TYPES.include?(policy_type)
      end
      def blank_branch_for_rule?
+        return false if policy_type == :scan_result_policy
        policy[:rules].any? { |rule| rule[:clusters].blank? && rule[:branches].blank? }
      end
@@ -55,6 +57,10 @@ module Security
          repository.branch_names
        end
      end
+      def policy_type
+        policy[:type].to_sym
+      end
    end
  end
 end
--- a/ee/spec/services/security/security_orchestration_policies/validate_policy_service_spec.rb
+++ b/ee/spec/services/security/security_orchestration_policies/validate_policy_service_spec.rb
@@ -76,12 +76,21 @@ RSpec.describe Security::SecurityOrchestrationPolicies::ValidatePolicyService do
        end
        context 'when branches are missing' do
+          using RSpec::Parameterized::TableSyntax
          let(:branches) { nil }
-          it { expect(result[:status]).to eq(:error) }
+          where(:policy_type, :status, :message) do
-          it { expect(result[:message]).to eq('Policy cannot be enabled without branch information') }
+            'scan_result_policy'    | :success | nil
+            'scan_execution_policy' | :error   | 'Policy cannot be enabled without branch information'
+          end
-          it_behaves_like 'checks only if policy is enabled'
+          with_them do
+            it { expect(result[:status]).to eq(status) }
+            it { expect(result[:message]).to eq(message) }
+            it_behaves_like 'checks only if policy is enabled'
+          end
        end
        context 'when branches are provided' do