Fix editing network policies without policy management project

This change fixes problem when editing network policies when Policy Management project is not enabled for the project. Changelog: fixed EE: true

Fix editing network policies without policy management project
This change fixes problem when editing network policies when Policy Management project is not enabled for the project. Changelog: fixed EE: true
c7ebc9e0 · Alan (Maciej) Paruszewski · b732b179 · c7ebc9e0 · c7ebc9e0
Commit c7ebc9e0 authored Sep 13, 2021 by Alan (Maciej) Paruszewski
2 changed files
--- a/ee/app/services/security/security_orchestration_policies/policy_configuration_validation_service.rb
+++ b/ee/app/services/security/security_orchestration_policies/policy_configuration_validation_service.rb
@@ -14,20 +14,24 @@ module Security
      def execute
        return error_response(_('type parameter is missing and is required'), :parameter) unless @type
        return error_response(_('Invalid policy type'), :parameter) unless valid_type?
-        return error_response(_('environment_id parameter is required when type is container_policy'), :parameter) if container_policy? && !@environment_id
-        return error_response(_('Project does not have a policy configuration'), :policy_configuration) if policy_configuration.nil?
-
-        unless policy_configuration.policy_configuration_exists?
-          return error_response(
-            _("Policy management project does have any policies in %{policy_path}" % {
-              policy_path: ::Security::OrchestrationPolicyConfiguration::POLICY_PATH
-            }),
-            :policy_project
-          )
-        end

-        unless policy_configuration.policy_configuration_valid?
-          return error_response(_('Could not fetch policy because existing policy YAML is invalid'), :policy_yaml)
+        if container_policy?
+          return error_response(_('environment_id parameter is required when type is container_policy'), :parameter) unless @environment_id
+        else
+          return error_response(_('Project does not have a policy configuration'), :policy_configuration) if policy_configuration.nil?
+
+          unless policy_configuration.policy_configuration_exists?
+            return error_response(
+              _("Policy management project does have any policies in %{policy_path}" % {
+                policy_path: ::Security::OrchestrationPolicyConfiguration::POLICY_PATH
+              }),
+              :policy_project
+            )
+          end
+
+          unless policy_configuration.policy_configuration_valid?
+            return error_response(_('Could not fetch policy because existing policy YAML is invalid'), :policy_yaml)
+          end
        end

        success

--- a/ee/spec/services/security/security_orchestration_policies/policy_configuration_validation_service_spec.rb
+++ b/ee/spec/services/security/security_orchestration_policies/policy_configuration_validation_service_spec.rb
@@ -92,6 +92,30 @@ RSpec.describe Security::SecurityOrchestrationPolicies::PolicyConfigurationValid
          expect(response[:invalid_component]).to eq(:parameter)
        end
      end
+
+      context 'when environment_id is provided' do
+        let(:environment_id) { 123 }
+
+        context 'when security_orchestration_policies_configuration is missing' do
+          let(:policy_configuration) { nil }
+
+          it 'ignores policy configuration errors and returns success' do
+            response = service.execute
+
+            expect(response[:status]).to eq(:success)
+          end
+        end
+
+        context 'when security_orchestration_policies_configuration is invalid' do
+          let(:policy_blob) { { scan_execution_policy: 'invalid' }.to_yaml }
+
+          it 'ignores policy configuration errors and returns success' do
+            response = service.execute
+
+            expect(response[:status]).to eq(:success)
+          end
+        end
+      end
    end

    context 'when policy.yml is empty' do