Commit f2a0e6db authored by Robert Speicher's avatar Robert Speicher

Merge branch...

Merge branch 'philipcunningham-add-backend-for-updating-target-type-for-on-demand-294060' into 'master'

Add targetType to DastSiteProfileUpdate mutation

See merge request gitlab-org/gitlab!59715
parents fdd201f7 58d87a37
......@@ -29,6 +29,11 @@ module Mutations
required: false,
description: 'The URL of the target to be scanned.'
argument :target_type, Types::DastTargetTypeEnum,
required: false,
description: 'The type of target to be scanned. Will be ignored ' \
'if `security_dast_site_profiles_api_option` feature flag is disabled.'
argument :excluded_urls, [GraphQL::STRING_TYPE],
required: false,
description: 'The URLs to skip during an authenticated scan. Will be ignored ' \
......@@ -50,16 +55,17 @@ module Mutations
def resolve(full_path:, id:, profile_name:, target_url: nil, **params)
project = authorized_find!(full_path)
auth_params = feature_flagged(project, params[:auth], default: {})
auth_params = feature_flagged(project, :security_dast_site_profiles_additional_fields, params[:auth], default: {})
# TODO: remove explicit coercion once compatibility layer has been removed
# See: https://gitlab.com/gitlab-org/gitlab/-/issues/257883
dast_site_profile_params = {
id: SiteProfileID.coerce_isolated_input(id).model_id,
excluded_urls: feature_flagged(project, params[:excluded_urls]),
name: profile_name,
request_headers: feature_flagged(project, params[:request_headers]),
target_url: target_url,
target_type: feature_flagged(project, :security_dast_site_profiles_api_option, params[:target_type]),
excluded_urls: feature_flagged(project, :security_dast_site_profiles_additional_fields, params[:excluded_urls]),
request_headers: feature_flagged(project, :security_dast_site_profiles_additional_fields, params[:request_headers]),
auth_enabled: auth_params[:enabled],
auth_url: auth_params[:url],
auth_username_field: auth_params[:username_field],
......@@ -75,8 +81,8 @@ module Mutations
private
def feature_flagged(project, value, opts = {})
return opts[:default] unless Feature.enabled?(:security_dast_site_profiles_additional_fields, project, default_enabled: :yaml)
def feature_flagged(project, flag, value, opts = {})
return opts[:default] unless Feature.enabled?(flag, project, default_enabled: :yaml)
value || opts[:default]
end
......
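Review bot: `feature_flagged` at the bottom of the last hunk collapses a legitimate `false` into `opts[:default]` because it returns `value || opts[:default]`, and the positional `value` sitting next to an untyped `opts` hash makes call sites such as the `auth_params` line in the previous hunk hard to read. None of the values routed through it in this commit are booleans (a hash, an array, a string and an enum), so behaviour is unaffected today, but a future boolean argument gated the same way would silently be dropped. I would make the default a keyword and test for nil explicitly: `def feature_flagged(project, flag, value, default: nil)`, `return default unless Feature.enabled?(flag, project, default_enabled: :yaml)`, `value.nil? ? default : value` — the existing `default: {}` call sites keep working unchanged. A one-line doc comment above it, `# Returns +value+ only while +flag+ is enabled for +project+; otherwise +default+.`, would also help now that the helper gates arguments under two different flags. The `resolve` method in the middle hunk continues past the visible lines.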
......@@ -13,6 +13,7 @@ RSpec.describe Mutations::DastSiteProfiles::Update do
let(:new_target_url) { generate(:url) }
let(:new_excluded_urls) { ["#{new_target_url}/signout"] }
let(:new_request_headers) { "Authorization: Bearer #{SecureRandom.hex}" }
let(:new_target_type) { 'api' }
let(:new_auth) do
{
......@@ -40,6 +41,7 @@ RSpec.describe Mutations::DastSiteProfiles::Update do
id: dast_site_profile.to_global_id,
profile_name: new_profile_name,
target_url: new_target_url,
target_type: new_target_type,
excluded_urls: new_excluded_urls,
request_headers: new_request_headers,
auth: new_auth
......@@ -68,6 +70,7 @@ RSpec.describe Mutations::DastSiteProfiles::Update do
id: dast_site_profile.id.to_s,
name: new_profile_name,
target_url: new_target_url,
target_type: new_target_type,
excluded_urls: new_excluded_urls,
request_headers: new_request_headers,
auth_enabled: new_auth[:enabled],
......@@ -154,9 +157,11 @@ RSpec.describe Mutations::DastSiteProfiles::Update do
end
context 'when the feature flag security_dast_site_profiles_additional_fields is disabled' do
it 'does not update the feature flagged attributes', :aggregate_failures do
before do
stub_feature_flags(security_dast_site_profiles_additional_fields: false)
end
it 'does not update the feature flagged attributes', :aggregate_failures do
dast_site_profile = subject[:id].find
expect(dast_site_profile).not_to have_attributes(
......@@ -171,6 +176,16 @@ RSpec.describe Mutations::DastSiteProfiles::Update do
expect(dast_site_profile.secret_variables).to be_empty
end
end
context 'when the feature flag security_dast_site_profiles_api_option is disabled' do
before do
stub_feature_flags(security_dast_site_profiles_api_option: false)
end
it 'does not update the target_type' do
expect { subject }.not_to change { dast_site_profile.reload.target_type }
end
end
end
end
end
......
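Review bot: The new `security_dast_site_profiles_api_option` context at the end of the last hunk only asserts that `target_type` does not change, so it would still pass if the disabled flag caused the whole update to be skipped or rejected. A positive assertion alongside it, e.g. `expect { subject }.to change { dast_site_profile.reload.target_url }.to(new_target_url)`, pins down that only the gated attribute is ignored while the rest of the update still goes through. The sibling `additional_fields` context above it has the same gap — it checks `not_to have_attributes` but not that the non-gated attributes were written; its body is only partly visible across the two hunks.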
......@@ -18,6 +18,7 @@ RSpec.describe 'Creating a DAST Site Profile' do
id: dast_site_profile.to_global_id.to_s,
profile_name: new_profile_name,
target_url: new_target_url,
target_type: 'API',
excluded_urls: ["#{new_target_url}/signout"],
request_headers: 'Mozilla/5.0 (Windows NT 6.1; Win64; x64; rv:47.0) Gecko/20100101 Firefox/47.0',
auth: {
......