Commit 4504a7f9 authored by Zamir Martins's avatar Zamir Martins Committed by Paul Slaughter

Enhance policy validation to consider scan result

policy as its rule can have no branches. It also
clears up a misunderstanding in a comment.

EE: true
parent eebbb1c7
......@@ -71,7 +71,7 @@ const updatePolicy = async ({
};
/**
* Updates the assigned security policy project's policy file with the new policy yaml or creates one (project or file) if one does not exist
* Updates the assigned security policy project's policy file with the new policy yaml or creates one file if one does not exist
* @param {Object} payload contains the currently assigned security policy project (if one exists), the path to the project, and the policy yaml value
* @returns {Object} contains the currently assigned security policy project and the created merge request
*/
......
......@@ -22,10 +22,12 @@ module Security
def invalid_policy_type?
return true if policy[:type].blank?
!Security::OrchestrationPolicyConfiguration::AVAILABLE_POLICY_TYPES.include?(policy[:type].to_sym)
!Security::OrchestrationPolicyConfiguration::AVAILABLE_POLICY_TYPES.include?(policy_type)
end
def blank_branch_for_rule?
return false if policy_type == :scan_result_policy
policy[:rules].any? { |rule| rule[:clusters].blank? && rule[:branches].blank? }
end
......@@ -55,6 +57,10 @@ module Security
repository.branch_names
end
end
def policy_type
policy[:type].to_sym
end
end
end
end
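Review bot: The new `policy_type` helper calls `policy[:type].to_sym` with no nil guard, and `blank_branch_for_rule?` now calls it on its first line, so that check raises `NoMethodError` when `type` is missing unless the caller has already rejected the policy through `invalid_policy_type?`. The method that orders these checks is outside the visible hunks, so this may already hold, but the dependency is implicit in a validation path that decides whether a security policy is accepted. I would make the helper safe on its own with `policy[:type]&.to_sym`, which keeps the blank check in `invalid_policy_type?` and makes a missing type fall through to the branch check instead of raising. A short comment above the early return, e.g. `# scan result policy rules may omit branches, so the branch check does not apply`, would also record why this type is exempt.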
......@@ -76,13 +76,22 @@ RSpec.describe Security::SecurityOrchestrationPolicies::ValidatePolicyService do
end
context 'when branches are missing' do
using RSpec::Parameterized::TableSyntax
let(:branches) { nil }
it { expect(result[:status]).to eq(:error) }
it { expect(result[:message]).to eq('Policy cannot be enabled without branch information') }
where(:policy_type, :status, :message) do
'scan_result_policy' | :success | nil
'scan_execution_policy' | :error | 'Policy cannot be enabled without branch information'
end
with_them do
it { expect(result[:status]).to eq(status) }
it { expect(result[:message]).to eq(message) }
it_behaves_like 'checks only if policy is enabled'
end
end
context 'when branches are provided' do
let(:branches) { ['master'] }
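Review bot: The table in 'when branches are missing' runs only with `let(:branches) { nil }`, while the service uses `blank?`, which also treats an empty array as missing. Adding the same two rows under `let(:branches) { [] }` would pin both the exemption for `scan_result_policy` and the error for `scan_execution_policy` against that input. The `policy` definition that consumes the `policy_type` column is outside this hunk, so it is worth confirming the column actually overrides the type used to build the policy; otherwise both rows would exercise the same type.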
......