Merge branch '282429-backend-gpg-keys-credentials-inventory' into 'master'

Add GPG Key Finder for display on admin credentials dashboard

See merge request gitlab-org/gitlab!49835

app/models/gpg_key.rb

@@ -127,3 +127,5 @@ class GpgKey < ApplicationRecord
     end
   end
 end
+
+GpgKey.prepend_if_ee('EE::GpgKey')

ee/app/controllers/admin/credentials_controller.rb

@@ -8,6 +8,7 @@ class Admin::CredentialsController < Admin::ApplicationController
   helper_method :credentials_inventory_path, :user_detail_path, :personal_access_token_revoke_path, :revoke_button_available?, :ssh_key_delete_path
 
   before_action :check_license_credentials_inventory_available!, only: [:index, :revoke, :destroy]
+  before_action :check_gpg_keys_list_enabled!, only: [:index]
 
   track_unique_visits :index, target_id: 'i_compliance_credential_inventory'
 
@@ -19,11 +20,20 @@ class Admin::CredentialsController < Admin::ApplicationController
     render_404 unless credentials_inventory_feature_available?
   end
 
+  def check_gpg_keys_list_enabled!
+    render_404 if show_gpg_keys? && Feature.disabled?(:credential_inventory_gpg_keys)
+  end
+
   override :credentials_inventory_path
   def credentials_inventory_path(args)
     admin_credentials_path(args)
   end
 
+  override :filter_credentials
+  def filter_credentials
+    show_gpg_keys? ? ::GpgKeysFinder.new(users: users).execute : super
+  end
+
   override :user_detail_path
   def user_detail_path(user)
     admin_user_path(user)

ee/app/finders/gpg_keys_finder.rb

+# frozen_string_literal: true
+
+class GpgKeysFinder
+  def initialize(**params)
+    @params = params
+  end
+
+  def execute
+    keys = GpgKey.all
+    by_users(keys)
+  end
+
+  private
+
+  attr_reader :params
+
+  def by_users(keys)
+    return keys unless params[:users]
+
+    keys.for_user(params[:users])
+  end
+end

ee/app/helpers/credentials_inventory_helper.rb

 # frozen_string_literal: true
 
 module CredentialsInventoryHelper
-  VALID_FILTERS = %w(ssh_keys personal_access_tokens).freeze
+  VALID_FILTERS = %w(ssh_keys personal_access_tokens gpg_keys).freeze
 
   def show_personal_access_tokens?
     return true if params[:filter] == 'personal_access_tokens'
@@ -13,6 +13,10 @@ module CredentialsInventoryHelper
     params[:filter] == 'ssh_keys'
   end
 
+  def show_gpg_keys?
+    params[:filter] == 'gpg_keys'
+  end
+
   def credentials_inventory_feature_available?
     License.feature_available?(:credentials_inventory)
   end

ee/app/models/ee/gpg_key.rb

+# frozen_string_literal: true
+
+module EE
+  module GpgKey
+    extend ActiveSupport::Concern
+
+    prepended do
+      scope :preload_users, -> { preload(:user) }
+      scope :for_user, -> (user) { where(user: user) }
+    end
+  end
+end

ee/config/feature_flags/development/credential_inventory_gpg_keys.yml

+---
+name: credential_inventory_gpg_keys
+introduced_by_url: https://gitlab.com/gitlab-org/gitlab/-/merge_requests/49835
+rollout_issue_url: https://gitlab.com/gitlab-org/gitlab/-/issues/292961
+milestone: '13.8'
+type: development
+group: group::compliance
+default_enabled: false

ee/spec/controllers/admin/credentials_controller_spec.rb

@@ -66,6 +66,28 @@ RSpec.describe Admin::CredentialsController do
               expect(assigns(:credentials)).to match_array(ssh_keys)
             end
           end
+
+          context 'credential type specified as `gpg_keys`' do
+            it 'filters by gpg keys' do
+              gpg_key = create(:gpg_key)
+
+              get :index, params: { filter: 'gpg_keys' }
+
+              expect(assigns(:credentials)).to match_array([gpg_key])
+            end
+
+            context 'feature flag is disabled' do
+              before do
+                stub_feature_flags(credential_inventory_gpg_keys: false)
+              end
+
+              it 'responds with not found' do
+                get :index, params: { filter: 'gpg_keys' }
+
+                expect(response).to have_gitlab_http_status(:not_found)
+              end
+            end
+          end
         end
       end
 

ee/spec/finders/gpg_keys_finder_spec.rb

+# frozen_string_literal: true
+
+require 'spec_helper'
+
+RSpec.describe GpgKeysFinder do
+  let(:params) { {} }
+
+  let_it_be(:gpg_key_1) { create(:gpg_key) }
+  let_it_be(:gpg_key_2) { create(:another_gpg_key) }
+
+  subject { described_class.new(**params).execute }
+
+  describe '#execute' do
+    context 'with no parameters' do
+      it 'returns all GPG keys' do
+        expect(subject).to contain_exactly(gpg_key_1, gpg_key_2)
+      end
+    end
+
+    context 'with defined user parameters' do
+      let(:params) do
+        { users: [gpg_key_1.user] }
+      end
+
+      it 'returns gpg keys belonging to those users' do
+        expect(subject).to contain_exactly(gpg_key_1)
+      end
+    end
+  end
+end

ee/spec/helpers/credentials_inventory_helper_spec.rb

@@ -51,6 +51,22 @@ RSpec.describe CredentialsInventoryHelper do
     end
   end
 
+  describe '#show_gpg_keys?' do
+    subject { show_gpg_keys? }
+
+    context 'when filtering by gpg_keys' do
+      let(:filter) { 'gpg_keys' }
+
+      it { is_expected.to be true }
+    end
+
+    context 'when filtering by personal_access_tokens' do
+      let(:filter) { 'personal_access_tokens' }
+
+      it { is_expected.to be false }
+    end
+  end
+
   describe '#show_personal_access_tokens?' do
     subject { show_personal_access_tokens? }
 

ee/spec/models/ee/gpg_key_spec.rb

+# frozen_string_literal: true
+
+require 'spec_helper'
+
+RSpec.describe GpgKey do
+  let_it_be(:gpg_key) { create(:gpg_key) }
+  let_it_be(:gpg_key_2) { create(:another_gpg_key) }
+  let(:user) { gpg_key.user }
+
+  describe '.for_user' do
+    subject { GpgKey.for_user(user) }
+
+    it { is_expected.to contain_exactly(gpg_key) }
+  end
+end