Deprecate fullPath from DAST on-demand mutations

73f76499 · Philip Cunningham · Bob Van Landuyt · a0d10fed · 73f76499 · 73f76499
Commit 73f76499 authored Oct 21, 2021 by Philip Cunningham Committed by Bob Van Landuyt Oct 21, 2021
21 changed files
--- a/doc/api/graphql/reference/index.md
+++ b/doc/api/graphql/reference/index.md
@@ -1598,7 +1598,7 @@ Input type: `DastProfileRunInput`
 | Name | Type | Description |
 | ---- | ---- | ----------- |
 | <a id="mutationdastprofilerunclientmutationid"></a>`clientMutationId` | [`String`](#string) | A unique identifier for the client performing the mutation. |
-| <a id="mutationdastprofilerunfullpath"></a>`fullPath` | [`ID!`](#id) | Full path for the project the scanner profile belongs to. |
+| <a id="mutationdastprofilerunfullpath"></a>`fullPath` **{warning-solid}** | [`ID`](#id) | **Deprecated:** Full path not required to qualify Global ID. Deprecated in 14.5. |
 | <a id="mutationdastprofilerunid"></a>`id` | [`DastProfileID!`](#dastprofileid) | ID of the profile to be used for the scan. |
 #### Fields
@@ -1623,7 +1623,7 @@ Input type: `DastProfileUpdateInput`
 | <a id="mutationdastprofileupdatedastscannerprofileid"></a>`dastScannerProfileId` | [`DastScannerProfileID`](#dastscannerprofileid) | ID of the scanner profile to be associated. |
 | <a id="mutationdastprofileupdatedastsiteprofileid"></a>`dastSiteProfileId` | [`DastSiteProfileID`](#dastsiteprofileid) | ID of the site profile to be associated. |
 | <a id="mutationdastprofileupdatedescription"></a>`description` | [`String`](#string) | Description of the profile. Defaults to an empty string. |
-| <a id="mutationdastprofileupdatefullpath"></a>`fullPath` | [`ID!`](#id) | Project the profile belongs to. |
+| <a id="mutationdastprofileupdatefullpath"></a>`fullPath` **{warning-solid}** | [`ID`](#id) | **Deprecated:** Full path not required to qualify Global ID. Deprecated in 14.5. |
 | <a id="mutationdastprofileupdateid"></a>`id` | [`DastProfileID!`](#dastprofileid) | ID of the profile to be deleted. |
 | <a id="mutationdastprofileupdatename"></a>`name` | [`String`](#string) | Name of the profile. |
 | <a id="mutationdastprofileupdaterunafterupdate"></a>`runAfterUpdate` | [`Boolean`](#boolean) | Run scan using profile after update. Defaults to false. |
@@ -1671,7 +1671,7 @@ Input type: `DastScannerProfileDeleteInput`
 | Name | Type | Description |
 | ---- | ---- | ----------- |
 | <a id="mutationdastscannerprofiledeleteclientmutationid"></a>`clientMutationId` | [`String`](#string) | A unique identifier for the client performing the mutation. |
-| <a id="mutationdastscannerprofiledeletefullpath"></a>`fullPath` | [`ID!`](#id) | Full path for the project the scanner profile belongs to. |
+| <a id="mutationdastscannerprofiledeletefullpath"></a>`fullPath` **{warning-solid}** | [`ID`](#id) | **Deprecated:** Full path not required to qualify Global ID. Deprecated in 14.5. |
 | <a id="mutationdastscannerprofiledeleteid"></a>`id` | [`DastScannerProfileID!`](#dastscannerprofileid) | ID of the scanner profile to be deleted. |
 #### Fields
@@ -1690,7 +1690,7 @@ Input type: `DastScannerProfileUpdateInput`
 | Name | Type | Description |
 | ---- | ---- | ----------- |
 | <a id="mutationdastscannerprofileupdateclientmutationid"></a>`clientMutationId` | [`String`](#string) | A unique identifier for the client performing the mutation. |
-| <a id="mutationdastscannerprofileupdatefullpath"></a>`fullPath` | [`ID!`](#id) | Project the scanner profile belongs to. |
+| <a id="mutationdastscannerprofileupdatefullpath"></a>`fullPath` **{warning-solid}** | [`ID`](#id) | **Deprecated:** Full path not required to qualify Global ID. Deprecated in 14.5. |
 | <a id="mutationdastscannerprofileupdateid"></a>`id` | [`DastScannerProfileID!`](#dastscannerprofileid) | ID of the scanner profile to be updated. |
 | <a id="mutationdastscannerprofileupdateprofilename"></a>`profileName` | [`String!`](#string) | Name of the scanner profile. |
 | <a id="mutationdastscannerprofileupdatescantype"></a>`scanType` | [`DastScanTypeEnum`](#dastscantypeenum) | Indicates the type of DAST scan that will run. Either a Passive Scan or an Active Scan. |
@@ -1741,7 +1741,7 @@ Input type: `DastSiteProfileDeleteInput`
 | Name | Type | Description |
 | ---- | ---- | ----------- |
 | <a id="mutationdastsiteprofiledeleteclientmutationid"></a>`clientMutationId` | [`String`](#string) | A unique identifier for the client performing the mutation. |
-| <a id="mutationdastsiteprofiledeletefullpath"></a>`fullPath` | [`ID!`](#id) | Project the site profile belongs to. |
+| <a id="mutationdastsiteprofiledeletefullpath"></a>`fullPath` **{warning-solid}** | [`ID`](#id) | **Deprecated:** Full path not required to qualify Global ID. Deprecated in 14.5. |
 | <a id="mutationdastsiteprofiledeleteid"></a>`id` | [`DastSiteProfileID!`](#dastsiteprofileid) | ID of the site profile to be deleted. |
 #### Fields
@@ -1762,7 +1762,7 @@ Input type: `DastSiteProfileUpdateInput`
 | <a id="mutationdastsiteprofileupdateauth"></a>`auth` | [`DastSiteProfileAuthInput`](#dastsiteprofileauthinput) | Parameters for authentication. |
 | <a id="mutationdastsiteprofileupdateclientmutationid"></a>`clientMutationId` | [`String`](#string) | A unique identifier for the client performing the mutation. |
 | <a id="mutationdastsiteprofileupdateexcludedurls"></a>`excludedUrls` | [`[String!]`](#string) | URLs to skip during an authenticated scan. |
-| <a id="mutationdastsiteprofileupdatefullpath"></a>`fullPath` | [`ID!`](#id) | Project the site profile belongs to. |
+| <a id="mutationdastsiteprofileupdatefullpath"></a>`fullPath` **{warning-solid}** | [`ID`](#id) | **Deprecated:** Full path not required to qualify Global ID. Deprecated in 14.5. |
 | <a id="mutationdastsiteprofileupdateid"></a>`id` | [`DastSiteProfileID!`](#dastsiteprofileid) | ID of the site profile to be updated. |
 | <a id="mutationdastsiteprofileupdateprofilename"></a>`profileName` | [`String!`](#string) | Name of the site profile. |
 | <a id="mutationdastsiteprofileupdaterequestheaders"></a>`requestHeaders` | [`String`](#string) | Comma-separated list of request header names and values to be added to every request made by DAST. |

--- a/ee/app/graphql/mutations/app_sec/dast/site_profiles/shared_arguments.rb
+++ b/ee/app/graphql/mutations/app_sec/dast/site_profiles/shared_arguments.rb
@@ -10,10 +10,6 @@ module Mutations
          SiteProfileID = ::Types::GlobalIDType[::DastSiteProfile]
          included do
-            argument :full_path, GraphQL::Types::ID,
-                     required: true,
-                     description: 'Project the site profile belongs to.'
            argument :profile_name, GraphQL::Types::String,
                     required: true,
                     description: 'Name of the site profile.'

--- a/ee/app/graphql/mutations/dast/profiles/run.rb
+++ b/ee/app/graphql/mutations/dast/profiles/run.rb
@@ -15,7 +15,8 @@ module Mutations
              description: 'URL of the pipeline that was created.'
        argument :full_path, GraphQL::Types::ID,
-                 required: true,
+                 required: false,
+                 deprecated: { reason: 'Full path not required to qualify Global ID', milestone: '14.5' },
                 description: 'Full path for the project the scanner profile belongs to.'
        argument :id, ProfileID,
@@ -24,17 +25,10 @@ module Mutations
        authorize :create_on_demand_dast_scan
-        def resolve(full_path:, id:)
+        def resolve(id:, full_path: nil)
-          project = authorized_find!(full_path)
+          dast_profile = authorized_find!(id)
-          # TODO: remove this line once the compatibility layer is removed
-          # See: https://gitlab.com/gitlab-org/gitlab/-/issues/257883
-          id = ProfileID.coerce_isolated_input(id).model_id
-          dast_profile = find_dast_profile(project, id)
-          return { errors: ['Profile not found for given parameters'] } unless dast_profile
-          response = create_on_demand_dast_scan(project, dast_profile)
+          response = create_on_demand_dast_scan(dast_profile)
          return { errors: response.errors } if response.error?
@@ -43,15 +37,17 @@ module Mutations
        private
-        def find_dast_profile(project, id)
+        def find_object(id)
-          ::Dast::ProfilesFinder.new(project_id: project.id, id: id)
+          # TODO: remove this line when the compatibility layer is removed
-            .execute
+          # See: https://gitlab.com/gitlab-org/gitlab/-/issues/257883
-            .first
+          id = ProfileID.coerce_isolated_input(id)
+          GitlabSchema.find_by_gid(id)
        end
-        def create_on_demand_dast_scan(project, dast_profile)
+        def create_on_demand_dast_scan(dast_profile)
          ::AppSec::Dast::Scans::CreateService.new(
-            container: project,
+            container: dast_profile.project,
            current_user: current_user,
            params: { dast_profile: dast_profile }
          ).execute

--- a/ee/app/graphql/mutations/dast/profiles/update.rb
+++ b/ee/app/graphql/mutations/dast/profiles/update.rb
@@ -27,12 +27,13 @@ module Mutations
                 description: 'ID of the profile to be deleted.'
        argument :full_path, GraphQL::Types::ID,
-                 required: true,
+                 required: false,
+                 deprecated: { reason: 'Full path not required to qualify Global ID', milestone: '14.5' },
                 description: 'Project the profile belongs to.'
        argument :dast_profile_schedule, ::Types::Dast::ProfileScheduleInputType,
-              required: false,
+                 required: false,
-              description: 'Represents a DAST profile schedule. Results in an error if `dast_on_demand_scans_scheduler` feature flag is disabled.'
+                 description: 'Represents a DAST profile schedule. Results in an error if `dast_on_demand_scans_scheduler` feature flag is disabled.'
        argument :name, GraphQL::Types::String,
                 required: false,
@@ -62,12 +63,9 @@ module Mutations
        authorize :create_on_demand_dast_scan
-        def resolve(full_path:, id:, name:, description:, branch_name: nil, dast_scanner_profile_id: nil, run_after_update: false, **args)
+        def resolve(id:, name:, description:, full_path: nil, branch_name: nil, dast_scanner_profile_id: nil, run_after_update: false, **args)
-          project = authorized_find!(full_path)
+          dast_profile = authorized_find!(id)
-          raise Gitlab::Graphql::Errors::ResourceNotAvailable, 'Feature disabled' unless allowed?(args[:dast_profile_schedule], project)
+          raise Gitlab::Graphql::Errors::ResourceNotAvailable, 'Feature disabled' unless allowed?(args[:dast_profile_schedule], dast_profile.project)
-          dast_profile = find_dast_profile(project.id, id)
-          authorize!(dast_profile)
          params = {
            dast_profile: dast_profile,
@@ -81,7 +79,7 @@ module Mutations
          }.compact
          response = ::AppSec::Dast::Profiles::UpdateService.new(
-            container: project,
+            container: dast_profile.project,
            current_user: current_user,
            params: params
          ).execute
@@ -109,14 +107,12 @@ module Mutations
          klass.coerce_isolated_input(value).model_id
        end
-        def find_dast_profile(project_id, id)
+        def find_object(id)
-          # TODO: remove this line once the compatibility layer is removed
+          # TODO: remove this line when the compatibility layer is removed
          # See: https://gitlab.com/gitlab-org/gitlab/-/issues/257883
-          id = ProfileID.coerce_isolated_input(id).model_id
+          id = ProfileID.coerce_isolated_input(id)
-          ::Dast::ProfilesFinder.new(project_id: project_id, id: id)
+          GitlabSchema.find_by_gid(id)
-            .execute
-            .first
        end
      end
    end

--- a/ee/app/graphql/mutations/dast_scanner_profiles/delete.rb
+++ b/ee/app/graphql/mutations/dast_scanner_profiles/delete.rb
@@ -10,24 +10,21 @@ module Mutations
      ScannerProfileID = ::Types::GlobalIDType[::DastScannerProfile]
      argument :full_path, GraphQL::Types::ID,
-                required: true,
+               required: false,
-                description: 'Full path for the project the scanner profile belongs to.'
+               deprecated: { reason: 'Full path not required to qualify Global ID', milestone: '14.5' },
+               description: 'Full path for the project the scanner profile belongs to.'
      argument :id, ScannerProfileID,
-                required: true,
+               required: true,
-                description: 'ID of the scanner profile to be deleted.'
+               description: 'ID of the scanner profile to be deleted.'
      authorize :create_on_demand_dast_scan
-      def resolve(full_path:, id:)
+      def resolve(id:, full_path: nil)
-        # TODO: remove this line once the compatibility layer is removed
+        dast_scanner_profile = authorized_find!(id)
-        # See: https://gitlab.com/gitlab-org/gitlab/-/issues/257883
-        id = ScannerProfileID.coerce_isolated_input(id)
-        project = authorized_find!(full_path)
-        service = ::AppSec::Dast::ScannerProfiles::DestroyService.new(project, current_user)
+        service = ::AppSec::Dast::ScannerProfiles::DestroyService.new(dast_scanner_profile.project, current_user)
-        result = service.execute(id: id.model_id)
+        result = service.execute(id: dast_scanner_profile.id)
        if result.success?
          { errors: [] }
@@ -35,6 +32,16 @@ module Mutations
          { errors: result.errors }
        end
      end
+      private
+      def find_object(id)
+        # TODO: remove this line when the compatibility layer is removed
+        # See: https://gitlab.com/gitlab-org/gitlab/-/issues/257883
+        id = ScannerProfileID.coerce_isolated_input(id)
+        GitlabSchema.find_by_gid(id)
+      end
    end
  end
 end
--- a/ee/app/graphql/mutations/dast_scanner_profiles/update.rb
+++ b/ee/app/graphql/mutations/dast_scanner_profiles/update.rb
@@ -7,56 +7,55 @@ module Mutations
      graphql_name 'DastScannerProfileUpdate'
-      field :id, ::Types::GlobalIDType[::DastScannerProfile],
+      ScannerProfileID = ::Types::GlobalIDType[::DastScannerProfile]
+      field :id, ScannerProfileID,
            null: true,
            description: 'ID of the scanner profile.'
      argument :full_path, GraphQL::Types::ID,
-                required: true,
+               required: false,
-                description: 'Project the scanner profile belongs to.'
+               deprecated: { reason: 'Full path not required to qualify Global ID', milestone: '14.5' },
+               description: 'Project the scanner profile belongs to.'
      argument :id, ::Types::GlobalIDType[::DastScannerProfile],
-                required: true,
+               required: true,
-                description: 'ID of the scanner profile to be updated.'
+               description: 'ID of the scanner profile to be updated.'
      argument :profile_name, GraphQL::Types::String,
-                required: true,
+               required: true,
-                description: 'Name of the scanner profile.'
+               description: 'Name of the scanner profile.'
      argument :spider_timeout, GraphQL::Types::Int,
-                required: true,
+               required: true,
-                description: 'Maximum number of minutes allowed for the spider to traverse the site.'
+               description: 'Maximum number of minutes allowed for the spider to traverse the site.'
      argument :target_timeout, GraphQL::Types::Int,
-                required: true,
+               required: true,
-                description: 'Maximum number of seconds allowed for the site under test to respond to a request.'
+               description: 'Maximum number of seconds allowed for the site under test to respond to a request.'
      argument :scan_type, Types::DastScanTypeEnum,
-                required: false,
+               required: false,
-                description: 'Indicates the type of DAST scan that will run. ' \
+               description: 'Indicates the type of DAST scan that will run. ' \
-                'Either a Passive Scan or an Active Scan.'
+                            'Either a Passive Scan or an Active Scan.'
      argument :use_ajax_spider, GraphQL::Types::Boolean,
-                required: false,
+               required: false,
-                description: 'Indicates if the AJAX spider should be used to crawl the target site. ' \
+               description: 'Indicates if the AJAX spider should be used to crawl the target site. ' \
-                'True to run the AJAX spider in addition to the traditional spider, and false to run only the traditional spider.'
+                            'True to run the AJAX spider in addition to the traditional spider, and false to run only the traditional spider.'
      argument :show_debug_messages, GraphQL::Types::Boolean,
-                required: false,
+               required: false,
-                description: 'Indicates if debug messages should be included in DAST console output. ' \
+               description: 'Indicates if debug messages should be included in DAST console output. ' \
-                'True to include the debug messages.'
+                            'True to include the debug messages.'
      authorize :create_on_demand_dast_scan
-      def resolve(full_path:, **service_args)
+      def resolve(id:, full_path: nil, **service_args)
-        # TODO: remove this explicit coercion once the compatibility layer is removed
+        dast_scanner_profile = authorized_find!(id)
-        # See: https://gitlab.com/gitlab-org/gitlab/-/issues/257883
-        gid = ::Types::GlobalIDType[::DastScannerProfile].coerce_isolated_input(service_args[:id])
-        project = authorized_find!(full_path)
-        service = ::AppSec::Dast::ScannerProfiles::UpdateService.new(project, current_user)
+        service = ::AppSec::Dast::ScannerProfiles::UpdateService.new(dast_scanner_profile.project, current_user)
-        result = service.execute(**service_args, id: gid.model_id)
+        result = service.execute(**service_args, id: dast_scanner_profile.id)
        if result.success?
          { id: result.payload.to_global_id, errors: [] }
@@ -64,6 +63,16 @@ module Mutations
          { errors: result.errors }
        end
      end
+      private
+      def find_object(id)
+        # TODO: remove this line when the compatibility layer is removed
+        # See: https://gitlab.com/gitlab-org/gitlab/-/issues/257883
+        id = ScannerProfileID.coerce_isolated_input(id)
+        GitlabSchema.find_by_gid(id)
+      end
    end
  end
 end
--- a/ee/app/graphql/mutations/dast_site_profiles/create.rb
+++ b/ee/app/graphql/mutations/dast_site_profiles/create.rb
@@ -12,6 +12,10 @@ module Mutations
            null: true,
            description: 'ID of the site profile.'
+      argument :full_path, GraphQL::Types::ID,
+               required: true,
+               description: 'Project the site profile belongs to.'
      argument :excluded_urls, [GraphQL::Types::String],
               required: false,
               default_value: [],

--- a/ee/app/graphql/mutations/dast_site_profiles/delete.rb
+++ b/ee/app/graphql/mutations/dast_site_profiles/delete.rb
@@ -5,24 +5,24 @@ module Mutations
    class Delete < BaseMutation
      graphql_name 'DastSiteProfileDelete'
+      ProfileID = ::Types::GlobalIDType[::DastSiteProfile]
      argument :full_path, GraphQL::Types::ID,
-               required: true,
+               required: false,
+               deprecated: { reason: 'Full path not required to qualify Global ID', milestone: '14.5' },
               description: 'Project the site profile belongs to.'
-      argument :id, Mutations::AppSec::Dast::SiteProfiles::SharedArguments::SiteProfileID,
+      argument :id, ProfileID,
               required: true,
               description: 'ID of the site profile to be deleted.'
      authorize :create_on_demand_dast_scan
-      def resolve(full_path:, id:)
+      def resolve(id:, full_path: nil)
-        project = authorized_find!(full_path)
+        dast_site_profile = authorized_find!(id)
-        # TODO: remove explicit coercion once compatibility layer is removed
-        # See: https://gitlab.com/gitlab-org/gitlab/-/issues/257883
-        id = ::Types::GlobalIDType[::DastSiteProfile].coerce_isolated_input(id)
-        service = ::AppSec::Dast::SiteProfiles::DestroyService.new(project, current_user)
+        service = ::AppSec::Dast::SiteProfiles::DestroyService.new(dast_site_profile.project, current_user)
-        result = service.execute(id: id.model_id)
+        result = service.execute(id: dast_site_profile.id)
        return { errors: result.errors } unless result.success?
@@ -31,8 +31,12 @@ module Mutations
      private
-      def find_object(full_path)
+      def find_object(id)
-        Project.find_by_full_path(full_path)
+        # TODO: remove this line when the compatibility layer is removed
+        # See: https://gitlab.com/gitlab-org/gitlab/-/issues/257883
+        id = ProfileID.coerce_isolated_input(id)
+        GitlabSchema.find_by_gid(id)
      end
    end
  end

--- a/ee/app/graphql/mutations/dast_site_profiles/update.rb
+++ b/ee/app/graphql/mutations/dast_site_profiles/update.rb
@@ -12,6 +12,11 @@ module Mutations
            null: true,
            description: 'ID of the site profile.'
+      argument :full_path, GraphQL::Types::ID,
+               required: false,
+               deprecated: { reason: 'Full path not required to qualify Global ID', milestone: '14.5' },
+               description: 'Project the site profile belongs to.'
      argument :id, SiteProfileID,
               required: true,
               description: 'ID of the site profile to be updated.'
@@ -22,15 +27,15 @@ module Mutations
      authorize :create_on_demand_dast_scan
-      def resolve(full_path:, id:, profile_name:, target_url: nil, **params)
+      def resolve(id:, full_path: nil, profile_name:, target_url: nil, **params)
-        project = authorized_find!(full_path)
+        dast_site_profile = authorized_find!(id)
        auth_params = params[:auth] || {}
        # TODO: remove explicit coercion once compatibility layer has been removed
        # See: https://gitlab.com/gitlab-org/gitlab/-/issues/257883
        dast_site_profile_params = {
-          id: SiteProfileID.coerce_isolated_input(id).model_id,
+          id: dast_site_profile.id,
          name: profile_name,
          target_url: target_url,
          target_type: params[:target_type],
@@ -44,10 +49,20 @@ module Mutations
          auth_password: auth_params[:password]
        }.compact
-        result = ::AppSec::Dast::SiteProfiles::UpdateService.new(project, current_user).execute(**dast_site_profile_params)
+        result = ::AppSec::Dast::SiteProfiles::UpdateService.new(dast_site_profile.project, current_user).execute(**dast_site_profile_params)
        { id: result.payload.try(:to_global_id), errors: result.errors }
      end
+      private
+      def find_object(id)
+        # TODO: remove this line when the compatibility layer is removed
+        # See: https://gitlab.com/gitlab-org/gitlab/-/issues/257883
+        id = SiteProfileID.coerce_isolated_input(id)
+        GitlabSchema.find_by_gid(id)
+      end
    end
  end
 end
--- a/ee/spec/graphql/mutations/dast/profiles/run_spec.rb
+++ b/ee/spec/graphql/mutations/dast/profiles/run_spec.rb
@@ -8,7 +8,6 @@ RSpec.describe Mutations::Dast::Profiles::Run do
  let_it_be(:user) { create(:user) }
  let_it_be(:dast_profile) { create(:dast_profile, project: project, branch_name: project.default_branch) }
-  let(:full_path) { project.full_path }
  let(:dast_profile_id) { dast_profile.to_global_id }
  subject(:mutation) { described_class.new(object: nil, context: { current_user: user }, field: nil) }
@@ -17,10 +16,7 @@ RSpec.describe Mutations::Dast::Profiles::Run do
  describe '#resolve' do
    subject do
-      mutation.resolve(
+      mutation.resolve(id: dast_profile_id)
-        full_path: full_path,
-        id: dast_profile_id
-      )
    end
    context 'when on demand scan licensed feature is not available' do
@@ -35,14 +31,6 @@ RSpec.describe Mutations::Dast::Profiles::Run do
        stub_licensed_features(security_on_demand_scans: true)
      end
-      context 'when the project does not exist' do
-        let(:full_path) { SecureRandom.hex }
-        it 'raises an exception' do
-          expect { subject }.to raise_error(Gitlab::Graphql::Errors::ResourceNotAvailable)
-        end
-      end
      context 'when the user can run a dast scan' do
        before do
          project.add_developer(user)
@@ -74,8 +62,8 @@ RSpec.describe Mutations::Dast::Profiles::Run do
        context 'when the dast_profile does not exist' do
          let(:dast_profile_id) { Gitlab::GlobalId.build(nil, model_name: 'Dast::Profile', id: 'does_not_exist') }
-          it 'communicates failure' do
+          it 'raises an exception' do
-            expect(subject[:errors]).to include('Profile not found for given parameters')
+            expect { subject }.to raise_error(Gitlab::Graphql::Errors::ResourceNotAvailable)
          end
        end

--- a/ee/spec/graphql/mutations/dast/profiles/update_spec.rb
+++ b/ee/spec/graphql/mutations/dast/profiles/update_spec.rb
@@ -38,7 +38,7 @@ RSpec.describe Mutations::Dast::Profiles::Update do
  specify { expect(described_class).to require_graphql_authorizations(:create_on_demand_dast_scan) }
  describe '#resolve' do
-    subject { mutation.resolve(**params.merge(full_path: project.full_path)) }
+    subject { mutation.resolve(**params) }
    shared_examples 'an unrecoverable failure' do |parameter|
      it 'raises an exception' do
@@ -93,10 +93,7 @@ RSpec.describe Mutations::Dast::Profiles::Update do
            let(:new_dast_profile_schedule) { attributes_for(:dast_profile_schedule) }
            subject do
-              mutation.resolve(**params.merge(
+              mutation.resolve(**params.merge(dast_profile_schedule: new_dast_profile_schedule))
-                full_path: project.full_path,
-                dast_profile_schedule: new_dast_profile_schedule
-              ))
            end
            context 'when dast_on_demand_scans_scheduler feature is enabled' do

--- a/ee/spec/graphql/mutations/dast_scanner_profiles/delete_spec.rb
+++ b/ee/spec/graphql/mutations/dast_scanner_profiles/delete_spec.rb
@@ -5,7 +5,6 @@ require 'spec_helper'
 RSpec.describe Mutations::DastScannerProfiles::Delete do
  let_it_be(:project) { create(:project) }
  let_it_be(:user) { create(:user) }
-  let_it_be(:full_path) { project.full_path }
  let_it_be(:dast_scanner_profile) { create(:dast_scanner_profile, project: project) }
  let(:dast_scanner_profile_id) { dast_scanner_profile.to_global_id }
@@ -20,18 +19,7 @@ RSpec.describe Mutations::DastScannerProfiles::Delete do
  describe '#resolve' do
    subject do
-      mutation.resolve(
+      mutation.resolve(id: dast_scanner_profile_id)
-        full_path: full_path,
-        id: dast_scanner_profile_id
-      )
-    end
-    context 'when the project does not exist' do
-      let(:full_path) { SecureRandom.hex }
-      it 'raises an exception' do
-        expect { subject }.to raise_error(Gitlab::Graphql::Errors::ResourceNotAvailable)
-      end
    end
    context 'when the user is not associated with the project' do
@@ -52,8 +40,8 @@ RSpec.describe Mutations::DastScannerProfiles::Delete do
      context 'when the dast_scanner_profile does not exist' do
        let(:dast_scanner_profile_id) { Gitlab::GlobalId.build(nil, model_name: 'DastScannerProfile', id: 'does_not_exist') }
-        it 'returns an error' do
+        it 'raises an exception' do
-          expect(subject[:errors]).to include('Scanner profile not found for given parameters')
+          expect { subject }.to raise_error(Gitlab::Graphql::Errors::ResourceNotAvailable)
        end
      end

--- a/ee/spec/graphql/mutations/dast_scanner_profiles/update_spec.rb
+++ b/ee/spec/graphql/mutations/dast_scanner_profiles/update_spec.rb
@@ -6,7 +6,6 @@ RSpec.describe Mutations::DastScannerProfiles::Update do
  let_it_be(:group) { create(:group) }
  let_it_be(:project) { create(:project, group: group) }
  let_it_be(:user) { create(:user) }
-  let_it_be(:full_path) { project.full_path }
  let_it_be(:dast_scanner_profile) { create(:dast_scanner_profile, project: project, target_timeout: 200, spider_timeout: 5000) }
  let_it_be(:new_profile_name) { SecureRandom.hex }
@@ -27,7 +26,6 @@ RSpec.describe Mutations::DastScannerProfiles::Update do
  describe '#resolve' do
    subject do
      mutation.resolve(
-        full_path: full_path,
        id: scanner_profile_id,
        profile_name: new_profile_name,
        target_timeout: new_target_timeout,
@@ -41,14 +39,6 @@ RSpec.describe Mutations::DastScannerProfiles::Update do
    let(:scanner_profile_id) { dast_scanner_profile.to_global_id }
    context 'when on demand scan feature is enabled' do
-      context 'when the project does not exist' do
-        let(:full_path) { SecureRandom.hex }
-        it 'raises an exception' do
-          expect { subject }.to raise_error(Gitlab::Graphql::Errors::ResourceNotAvailable)
-        end
-      end
      context 'when the user can run a DAST scan' do
        before do
          project.add_developer(user)
@@ -57,7 +47,6 @@ RSpec.describe Mutations::DastScannerProfiles::Update do
        context 'when the user omits unrequired elements' do
          subject do
            mutation.resolve(
-              full_path: full_path,
              id: scanner_profile_id,
              profile_name: new_profile_name,
              target_timeout: new_target_timeout,
@@ -93,7 +82,7 @@ RSpec.describe Mutations::DastScannerProfiles::Update do
          let(:scanner_profile_id) { Gitlab::GlobalId.build(nil, model_name: 'DastScannerProfile', id: 'does_not_exist') }
          it 'raises an exception' do
-            expect(subject[:errors]).to include('Scanner profile not found for given parameters')
+            expect { subject }.to raise_error(Gitlab::Graphql::Errors::ResourceNotAvailable)
          end
        end
      end

--- a/ee/spec/graphql/mutations/dast_site_profiles/delete_spec.rb
+++ b/ee/spec/graphql/mutations/dast_site_profiles/delete_spec.rb
@@ -6,7 +6,6 @@ RSpec.describe Mutations::DastSiteProfiles::Delete do
  let(:group) { create(:group) }
  let(:project) { create(:project, group: group) }
  let(:user) { create(:user) }
-  let(:full_path) { project.full_path }
  let!(:dast_site_profile) { create(:dast_site_profile, project: project) }
  subject(:mutation) { described_class.new(object: nil, context: { current_user: user }, field: nil) }
@@ -19,21 +18,10 @@ RSpec.describe Mutations::DastSiteProfiles::Delete do
  describe '#resolve' do
    subject do
-      mutation.resolve(
+      mutation.resolve(id: dast_site_profile.to_global_id)
-        full_path: full_path,
-        id: dast_site_profile.to_global_id
-      )
    end
    context 'when on demand scan feature is enabled' do
-      context 'when the project does not exist' do
-        let(:full_path) { SecureRandom.hex }
-        it 'raises an exception' do
-          expect { subject }.to raise_error(Gitlab::Graphql::Errors::ResourceNotAvailable)
-        end
-      end
      context 'when the user can run a dast scan' do
        before do
          project.add_developer(user)

--- a/ee/spec/graphql/mutations/dast_site_profiles/update_spec.rb
+++ b/ee/spec/graphql/mutations/dast_site_profiles/update_spec.rb
@@ -8,7 +8,6 @@ RSpec.describe Mutations::DastSiteProfiles::Update do
  let_it_be(:user) { create(:user) }
  let_it_be(:dast_site_profile) { create(:dast_site_profile, project: project) }
-  let(:full_path) { project.full_path }
  let(:new_profile_name) { SecureRandom.hex }
  let(:new_target_url) { generate(:url) }
  let(:new_excluded_urls) { ["#{new_target_url}/signout"] }
@@ -37,7 +36,6 @@ RSpec.describe Mutations::DastSiteProfiles::Update do
  describe '#resolve' do
    subject do
      mutation.resolve(
-        full_path: full_path,
        id: dast_site_profile.to_global_id,
        profile_name: new_profile_name,
        target_url: new_target_url,
@@ -49,14 +47,6 @@ RSpec.describe Mutations::DastSiteProfiles::Update do
    end
    context 'when on demand scan feature is enabled' do
-      context 'when the project does not exist' do
-        let(:full_path) { SecureRandom.hex }
-        it 'raises an exception' do
-          expect { subject }.to raise_error(Gitlab::Graphql::Errors::ResourceNotAvailable)
-        end
-      end
      context 'when the user can run a dast scan' do
        before do
          project.add_developer(user)
@@ -67,7 +57,7 @@ RSpec.describe Mutations::DastSiteProfiles::Update do
          result = ServiceResponse.error(message: '')
          service_params = {
-            id: dast_site_profile.id.to_s,
+            id: dast_site_profile.id,
            name: new_profile_name,
            target_url: new_target_url,
            target_type: new_target_type,
@@ -112,7 +102,6 @@ RSpec.describe Mutations::DastSiteProfiles::Update do
          context 'when the arguments are omitted' do
            subject do
              mutation.resolve(
-                full_path: full_path,
                id: dast_site_profile.to_global_id,
                profile_name: new_profile_name
              )
@@ -128,7 +117,6 @@ RSpec.describe Mutations::DastSiteProfiles::Update do
          context 'when the arguments are empty strings' do
            subject do
              mutation.resolve(
-                full_path: full_path,
                id: dast_site_profile.to_global_id,
                profile_name: new_profile_name,
                request_headers: '',

--- a/ee/spec/requests/api/graphql/mutations/dast/profiles/run_spec.rb
+++ b/ee/spec/requests/api/graphql/mutations/dast/profiles/run_spec.rb
@@ -12,11 +12,7 @@ RSpec.describe 'Running a DAST Profile' do
  let(:mutation_name) { :dast_profile_run }
  let(:mutation) do
-    graphql_mutation(
+    graphql_mutation(mutation_name, id: global_id_of(dast_profile))
-      mutation_name,
-      full_path: project.full_path,
-      id: global_id_of(dast_profile)
-    )
  end
  it_behaves_like 'an on-demand scan mutation when user cannot run an on-demand scan'

--- a/ee/spec/requests/api/graphql/mutations/dast/profiles/update_spec.rb
+++ b/ee/spec/requests/api/graphql/mutations/dast/profiles/update_spec.rb
@@ -14,7 +14,6 @@ RSpec.describe 'Updating a DAST Profile' do
  let(:mutation) do
    graphql_mutation(
      mutation_name,
-      full_path: project.full_path,
      id: global_id_of(dast_profile),
      name: 'updated dast_profiles.name',
      branch_name: project.default_branch,

--- a/ee/spec/requests/api/graphql/mutations/dast_scanner_profiles/delete_spec.rb
+++ b/ee/spec/requests/api/graphql/mutations/dast_scanner_profiles/delete_spec.rb
@@ -14,11 +14,7 @@ RSpec.describe 'Delete a DAST Scanner Profile' do
  let(:mutation_name) { :dast_scanner_profile_delete }
  let(:mutation) do
-    graphql_mutation(
+    graphql_mutation(mutation_name, id: dast_scanner_profile_id)
-      mutation_name,
-      full_path: full_path,
-      id: dast_scanner_profile_id
-    )
  end
  it_behaves_like 'an on-demand scan mutation when user cannot run an on-demand scan'
@@ -27,17 +23,10 @@ RSpec.describe 'Delete a DAST Scanner Profile' do
      expect { subject }.to change { DastScannerProfile.count }.by(-1)
    end
-    context 'when the dast_scanner_profile belongs to another project' do
-      let_it_be(:other_project) { create(:project, creator: current_user) }
-      let_it_be(:full_path) { other_project.full_path }
-      it_behaves_like 'a mutation that returns a top-level access error'
-    end
    context 'when the dast_scanner_profile does not exist' do
      let(:dast_scanner_profile_id) { Gitlab::GlobalId.build(nil, model_name: 'DastScannerProfile', id: non_existing_record_id) }
-      it_behaves_like 'a mutation that returns errors in the response', errors: ['Scanner profile not found for given parameters']
+      it_behaves_like 'a mutation that returns top-level errors', errors: [Gitlab::Graphql::Authorize::AuthorizeResource::RESOURCE_ACCESS_ERROR]
    end
  end
 end
--- a/ee/spec/requests/api/graphql/mutations/dast_scanner_profiles/update_spec.rb
+++ b/ee/spec/requests/api/graphql/mutations/dast_scanner_profiles/update_spec.rb
@@ -22,7 +22,6 @@ RSpec.describe 'Update a DAST Scanner Profile' do
  let(:mutation) do
    graphql_mutation(
      mutation_name,
-      full_path: full_path,
      id: dast_scanner_profile_id,
      profile_name: new_profile_name,
      target_timeout: new_target_timeout,
@@ -66,14 +65,7 @@ RSpec.describe 'Update a DAST Scanner Profile' do
    context 'when the dast_scanner_profile does not exist' do
      let(:dast_scanner_profile_id) { Gitlab::GlobalId.build(nil, model_name: 'DastScannerProfile', id: non_existing_record_id) }
-      it_behaves_like 'a mutation that returns errors in the response', errors: ['Scanner profile not found for given parameters']
+      it_behaves_like 'a mutation that returns top-level errors', errors: [Gitlab::Graphql::Authorize::AuthorizeResource::RESOURCE_ACCESS_ERROR]
-    end
-    context 'when the dast_scanner_profile belongs to a different project' do
-      let_it_be(:other_project) { create(:project, creator: current_user) }
-      let_it_be(:full_path) { other_project.full_path }
-      it_behaves_like 'a mutation that returns a top-level access error'
    end
  end
 end
--- a/ee/spec/requests/api/graphql/mutations/dast_site_profiles/delete_spec.rb
+++ b/ee/spec/requests/api/graphql/mutations/dast_site_profiles/delete_spec.rb
@@ -2,7 +2,7 @@
 require 'spec_helper'
-RSpec.describe 'Creating a DAST Site Profile' do
+RSpec.describe 'Deleting a DAST Site Profile' do
  include GraphqlHelpers
  let_it_be(:project) { create(:project) }
@@ -13,11 +13,7 @@ RSpec.describe 'Creating a DAST Site Profile' do
  let(:mutation_name) { :dast_site_profile_delete }
  let(:mutation) do
-    graphql_mutation(
+    graphql_mutation(mutation_name, id: dast_site_profile_id)
-      mutation_name,
-      full_path: full_path,
-      id: dast_site_profile_id
-    )
  end
  it_behaves_like 'an on-demand scan mutation when user cannot run an on-demand scan'
@@ -40,7 +36,7 @@ RSpec.describe 'Creating a DAST Site Profile' do
    context 'when the dast_site_profile does not exist' do
      let_it_be(:dast_site_profile_id) { Gitlab::GlobalId.build(nil, model_name: 'DastSiteProfile', id: non_existing_record_id) }
-      it_behaves_like 'a mutation that returns errors in the response', errors: ['Site profile not found for given parameters']
+      it_behaves_like 'a mutation that returns top-level errors', errors: [Gitlab::Graphql::Authorize::AuthorizeResource::RESOURCE_ACCESS_ERROR]
    end
    context 'when wrong type of global id is passed' do
@@ -54,12 +50,5 @@ RSpec.describe 'Creating a DAST Site Profile' do
        end
      end
    end
-    context 'when the dast_site_profile belongs to a different project' do
-      let_it_be(:other_project) { create(:project) }
-      let_it_be(:full_path) { other_project.full_path }
-      it_behaves_like 'a mutation that returns a top-level access error'
-    end
  end
 end
--- a/ee/spec/requests/api/graphql/mutations/dast_site_profiles/update_spec.rb
+++ b/ee/spec/requests/api/graphql/mutations/dast_site_profiles/update_spec.rb
@@ -18,7 +18,6 @@ RSpec.describe 'Creating a DAST Site Profile' do
  let(:mutation) do
    graphql_mutation(
      mutation_name,
-      full_path: full_path,
      id: dast_site_profile_id,
      profile_name: new_profile_name,
      target_url: new_target_url,
@@ -70,7 +69,7 @@ RSpec.describe 'Creating a DAST Site Profile' do
    context 'when the dast_site_profile does not exist' do
      let_it_be(:dast_site_profile_id) { Gitlab::GlobalId.build(nil, model_name: 'DastSiteProfile', id: non_existing_record_id) }
-      it_behaves_like 'a mutation that returns errors in the response', errors: ['DastSiteProfile not found']
+      it_behaves_like 'a mutation that returns top-level errors', errors: [Gitlab::Graphql::Authorize::AuthorizeResource::RESOURCE_ACCESS_ERROR]
    end
    context 'when wrong type of global id is passed' do
@@ -84,12 +83,5 @@ RSpec.describe 'Creating a DAST Site Profile' do
        end
      end
    end
-    context 'when the dast_site_profile belongs to a different project' do
-      let_it_be(:other_project) { create(:project, creator: current_user) }
-      let_it_be(:full_path) { other_project.full_path }
-      it_behaves_like 'a mutation that returns a top-level access error'
-    end
  end
 end