Fix editing network policies without policy management project

This change fixes a problem with editing network policies when a Policy
Management project is not enabled for the project.

Changelog: fixed
EE: true
parent b732b179
...@@ -14,20 +14,24 @@ module Security ...@@ -14,20 +14,24 @@ module Security
def execute def execute
return error_response(_('type parameter is missing and is required'), :parameter) unless @type return error_response(_('type parameter is missing and is required'), :parameter) unless @type
return error_response(_('Invalid policy type'), :parameter) unless valid_type? return error_response(_('Invalid policy type'), :parameter) unless valid_type?
return error_response(_('environment_id parameter is required when type is container_policy'), :parameter) if container_policy? && !@environment_id
return error_response(_('Project does not have a policy configuration'), :policy_configuration) if policy_configuration.nil?
unless policy_configuration.policy_configuration_exists?
return error_response(
_("Policy management project does have any policies in %{policy_path}" % {
policy_path: ::Security::OrchestrationPolicyConfiguration::POLICY_PATH
}),
:policy_project
)
end
unless policy_configuration.policy_configuration_valid? if container_policy?
return error_response(_('Could not fetch policy because existing policy YAML is invalid'), :policy_yaml) return error_response(_('environment_id parameter is required when type is container_policy'), :parameter) unless @environment_id
else
return error_response(_('Project does not have a policy configuration'), :policy_configuration) if policy_configuration.nil?
unless policy_configuration.policy_configuration_exists?
return error_response(
_("Policy management project does have any policies in %{policy_path}" % {
policy_path: ::Security::OrchestrationPolicyConfiguration::POLICY_PATH
}),
:policy_project
)
end
unless policy_configuration.policy_configuration_valid?
return error_response(_('Could not fetch policy because existing policy YAML is invalid'), :policy_yaml)
end
end end
success success
......
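Review bot: The error string moved into the `else` branch is still interpolated inside `_()`, so gettext looks up the already-formatted text and the translated message can never match. The same string reads "does have any policies", which drops the "not". A corrected form would be `_("Policy management project does not have any policies in %{policy_path}") % { policy_path: ::Security::OrchestrationPolicyConfiguration::POLICY_PATH }`; changing the msgid presumably means regenerating the locale template. Separately, the `container_policy?` branch now returns success as soon as `@environment_id` is present, and whether that id is checked against the project is not visible in this hunk, so it should be confirmed at the caller. `execute` ends outside the hunk.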
...@@ -92,6 +92,30 @@ RSpec.describe Security::SecurityOrchestrationPolicies::PolicyConfigurationValid ...@@ -92,6 +92,30 @@ RSpec.describe Security::SecurityOrchestrationPolicies::PolicyConfigurationValid
expect(response[:invalid_component]).to eq(:parameter) expect(response[:invalid_component]).to eq(:parameter)
end end
end end
context 'when environment_id is provided' do
let(:environment_id) { 123 }
context 'when security_orchestration_policies_configuration is missing' do
let(:policy_configuration) { nil }
it 'ignores policy configuration errors and returns success' do
response = service.execute
expect(response[:status]).to eq(:success)
end
end
context 'when security_orchestration_policies_configuration is invalid' do
let(:policy_blob) { { scan_execution_policy: 'invalid' }.to_yaml }
it 'ignores policy configuration errors and returns success' do
response = service.execute
expect(response[:status]).to eq(:success)
end
end
end
end end
context 'when policy.yml is empty' do context 'when policy.yml is empty' do
......
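Review bot: Both new examples assert only `response[:status]`, and nothing added here pins the other side of the new branch: that a non-container type with `environment_id` set still returns the `:policy_configuration` and `:policy_yaml` errors. An example such as `it 'still reports a missing configuration for other policy types'`, placed under a context with a non-container `type`, would stop a later refactor from silently skipping the configuration checks for every type. The enclosing context that sets `type` begins outside the hunk, so this may already be covered there.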