Add endpoint to create instance level vulnerability export

f78a2c19 · Mehmet Emin INAC · 65f5c819 · f78a2c19 · f78a2c19
Commit f78a2c19 authored Apr 24, 2020 by Mehmet Emin INAC
Showing with 64 additions and 1 deletion

ee/lib/api/vulnerability_exports.rb ee/lib/api/vulnerability_exports.rb +15 -1

ee/spec/requests/api/vulnerability_exports_spec.rb ee/spec/requests/api/vulnerability_exports_spec.rb +49 -0

No files found.
--- a/ee/lib/api/vulnerability_exports.rb
+++ b/ee/lib/api/vulnerability_exports.rb
@@ -14,7 +14,7 @@ module API

      def process_create_request_for(exportable)
        vulnerability_export = ::VulnerabilityExports::CreateService.new(
-          user_project, current_user, format: params[:export_format]
+          exportable, current_user, format: params[:export_format]
        ).execute

        if vulnerability_export.persisted?
@@ -53,6 +53,20 @@ module API
        end
      end

+      params do
+        optional :export_format, type: String, desc: 'The format of export to be generated',
+                 default: ::Vulnerabilities::Export.formats.each_key.first,
+                 values: ::Vulnerabilities::Export.formats.keys
+      end
+      desc 'Generate an instance level export' do
+        success EE::API::Entities::VulnerabilityExport
+      end
+      post 'vulnerability_exports' do
+        authorize! :create_vulnerability_export, current_user.security_dashboard
+
+        process_create_request_for(current_user.security_dashboard)
+      end
+
      desc 'Get single project vulnerability export' do
        success EE::API::Entities::VulnerabilityExport
      end

--- a/ee/spec/requests/api/vulnerability_exports_spec.rb
+++ b/ee/spec/requests/api/vulnerability_exports_spec.rb
@@ -71,6 +71,55 @@ describe API::VulnerabilityExports do
    end
  end

+  describe 'POST /security/vulnerability_exports' do
+    let(:format) { 'csv' }
+    let(:request_path) { "/security/vulnerability_exports" }
+
+    subject(:create_vulnerability_export) { post api(request_path, user), params: { export_format: format } }
+
+    context 'when the request does not fulfill the requirements' do
+      let(:format) { 'exif' }
+
+      it 'responds with bad_request' do
+        create_vulnerability_export
+
+        expect(response).to have_gitlab_http_status(:bad_request)
+        expect(json_response).to eq('error' => 'export_format does not have a valid value')
+      end
+    end
+
+    context 'when the request fulfills the requirements' do
+      let(:mock_service_object) { instance_double(VulnerabilityExports::CreateService, execute: vulnerability_export) }
+
+      before do
+        allow(VulnerabilityExports::CreateService).to receive(:new).and_return(mock_service_object)
+      end
+
+      context 'when the export creation succeeds' do
+        let(:vulnerability_export) { create(:vulnerability_export) }
+
+        it 'returns information about new vulnerability export' do
+          create_vulnerability_export
+
+          expect(response).to have_gitlab_http_status(:created)
+          expect(response).to match_response_schema('public_api/v4/vulnerability_export', dir: 'ee')
+        end
+      end
+
+      context 'when the export creation fails' do
+        let(:errors) { instance_double(ActiveModel::Errors, any?: true, messages: ['foo']) }
+        let(:vulnerability_export) { instance_double(Vulnerabilities::Export, persisted?: false, errors: errors) }
+
+        it 'returns the error message' do
+          create_vulnerability_export
+
+          expect(response).to have_gitlab_http_status(:bad_request)
+          expect(json_response).to eq('message' => ['foo'])
+        end
+      end
+    end
+  end
+
  describe 'GET /security/vulnerability_exports/:id' do
    let_it_be(:vulnerability_export) { create(:vulnerability_export, :finished, :csv, :with_csv_file, project: project, author: user) }