Commit 2f7e5e83 authored by Kerri Miller

Merge branch '299215-do-not-extend-config-when-policy-is-invalid' into 'master'

Extend pipeline configuration only when policy is valid

See merge request gitlab-org/gitlab!61093
parents 834e985c e925cc5c
...@@ -16,6 +16,7 @@ module Gitlab ...@@ -16,6 +16,7 @@ module Gitlab
def perform def perform
return @config unless project&.feature_available?(:security_orchestration_policies) return @config unless project&.feature_available?(:security_orchestration_policies)
return @config unless security_orchestration_policy_configuration&.enabled? return @config unless security_orchestration_policy_configuration&.enabled?
return @config unless security_orchestration_policy_configuration.policy_configuration_valid?
return @config unless extend_configuration? return @config unless extend_configuration?
merged_config = @config.deep_merge(on_demand_scans_template) merged_config = @config.deep_merge(on_demand_scans_template)
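Review bot: The new guard `return @config unless security_orchestration_policy_configuration.policy_configuration_valid?` makes an invalid policy fail open silently: the scan the policy was meant to enforce is dropped and the unmodified pipeline config is returned with nothing recording that enforcement was skipped. A why-comment plus a warning log at that line would keep the skipped enforcement visible to operators, e.g. `# Invalid policy: fall through to the unmodified config instead of injecting a scan from a malformed definition` followed by a log entry identifying the project before the return. Omitting `&.` on this line is safe only because the preceding `enabled?` check has already returned on a nil configuration; stating that dependency in the comment protects against a later reorder reintroducing a nil call. `perform` continues past the end of this hunk.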
...@@ -46,6 +46,29 @@ RSpec.describe Gitlab::Ci::Config::SecurityOrchestrationPolicies::Processor do ...@@ -46,6 +46,29 @@ RSpec.describe Gitlab::Ci::Config::SecurityOrchestrationPolicies::Processor do
end end
end end
shared_examples 'when policy is invalid' do
let_it_be(:policy_yml) do
<<-EOS
scan_execution_policy:
- name: Run DAST in every pipeline
description: This policy enforces to run DAST for every pipeline within the project
enabled: true
rules:
- type: pipeline
branches: "production"
actions:
- scan: dast
site_profile: Site Profile
scanner_profile: Scanner Profile
EOS
end
it 'does not modify the config', :aggregate_failures do
expect(config).not_to receive(:deep_merge)
expect(subject).to eq(config)
end
end
context 'when feature is not licensed' do context 'when feature is not licensed' do
it 'does not modify the config' do it 'does not modify the config' do
expect(subject).to eq(config) expect(subject).to eq(config)
...@@ -91,6 +114,7 @@ RSpec.describe Gitlab::Ci::Config::SecurityOrchestrationPolicies::Processor do ...@@ -91,6 +114,7 @@ RSpec.describe Gitlab::Ci::Config::SecurityOrchestrationPolicies::Processor do
end end
it_behaves_like 'with pipeline source applicable for CI' it_behaves_like 'with pipeline source applicable for CI'
it_behaves_like 'when policy is invalid'
context 'when DAST profiles are found' do context 'when DAST profiles are found' do
let_it_be(:dast_scanner_profile) { create(:dast_scanner_profile, project: project, name: 'Scanner Profile') } let_it_be(:dast_scanner_profile) { create(:dast_scanner_profile, project: project, name: 'Scanner Profile') }
...@@ -133,6 +157,7 @@ RSpec.describe Gitlab::Ci::Config::SecurityOrchestrationPolicies::Processor do ...@@ -133,6 +157,7 @@ RSpec.describe Gitlab::Ci::Config::SecurityOrchestrationPolicies::Processor do
end end
it_behaves_like 'with pipeline source applicable for CI' it_behaves_like 'with pipeline source applicable for CI'
it_behaves_like 'when policy is invalid'
end end
end end
end end
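Review bot: The `'when policy is invalid'` shared example in the first hunk of this spec never says which part of `policy_yml` violates the policy schema, so a reader cannot tell what the fixture exercises or notice if a later schema change makes it valid; the only visible candidate is the scalar `branches: "production"`, which looks like the offending field but should be confirmed against the schema. A one-line comment above the heredoc, e.g. `# Invalid on purpose: <FIELD> does not satisfy the scan execution policy schema`, would make the intent explicit and tie the fixture to the rule it breaks. The example pins only that the config is untouched (`expect(config).not_to receive(:deep_merge)`); if the processor ever surfaces a rejected policy through logging or an error, this shared example is the natural place to assert that the silent skip is observable. The shared example is reused at both `it_behaves_like 'when policy is invalid'` call sites in the later hunks, so the comment needs to appear only once.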