Skip to content
Projects
Groups
Snippets
Help
Loading...
Help
Support
Keyboard shortcuts
?
Submit feedback
Contribute to GitLab
Sign in / Register
Toggle navigation
G
gitlab-ce
Project overview
Project overview
Details
Activity
Releases
Repository
Repository
Files
Commits
Branches
Tags
Contributors
Graph
Compare
Issues
0
Issues
0
List
Boards
Labels
Milestones
Merge Requests
1
Merge Requests
1
Analytics
Analytics
Repository
Value Stream
Wiki
Wiki
Snippets
Snippets
Members
Members
Collapse sidebar
Close sidebar
Activity
Graph
Create a new issue
Commits
Issue Boards
Open sidebar
nexedi
gitlab-ce
Commits
f8846f09
Commit
f8846f09
authored
Jan 07, 2022
by
Zamir Martins Filho
Browse files
Options
Browse Files
Download
Email Patches
Plain Diff
Add scan result policy into policy list
EE: true Changelog: added
parent
6662fa41
Changes
9
Hide whitespace changes
Inline
Side-by-side
Showing
9 changed files
with
139 additions
and
12 deletions
+139
-12
ee/app/assets/javascripts/threat_monitoring/components/constants.js
...ets/javascripts/threat_monitoring/components/constants.js
+11
-0
ee/app/assets/javascripts/threat_monitoring/components/policies/policies_list.vue
...s/threat_monitoring/components/policies/policies_list.vue
+27
-2
ee/app/assets/javascripts/threat_monitoring/components/policy_type_filter.vue
...ripts/threat_monitoring/components/policy_type_filter.vue
+13
-1
ee/app/assets/javascripts/threat_monitoring/graphql/queries/scan_result_policies.query.graphql
...toring/graphql/queries/scan_result_policies.query.graphql
+13
-0
ee/app/assets/javascripts/threat_monitoring/utils.js
ee/app/assets/javascripts/threat_monitoring/utils.js
+3
-0
ee/spec/frontend/threat_monitoring/components/policies/policies_list_spec.js
...reat_monitoring/components/policies/policies_list_spec.js
+22
-9
ee/spec/frontend/threat_monitoring/mocks/mock_apollo.js
ee/spec/frontend/threat_monitoring/mocks/mock_apollo.js
+12
-0
ee/spec/frontend/threat_monitoring/mocks/mock_data.js
ee/spec/frontend/threat_monitoring/mocks/mock_data.js
+32
-0
locale/gitlab.pot
locale/gitlab.pot
+6
-0
No files found.
ee/app/assets/javascripts/threat_monitoring/components/constants.js
View file @
f8846f09
...
...
@@ -42,6 +42,13 @@ export const POLICY_TYPE_COMPONENT_OPTIONS = {
urlParameter
:
'
scan_execution_policy
'
,
value
:
'
scanExecution
'
,
},
scanResult
:
{
component
:
'
scan-result-policy-editor
'
,
text
:
s__
(
'
SecurityOrchestration|Scan Result
'
),
typeName
:
'
ScanResultPolicy
'
,
urlParameter
:
'
scan_result_policy
'
,
value
:
'
scanResult
'
,
},
};
export
const
POLICY_TYPE_OPTIONS
=
{
...
...
@@ -53,6 +60,10 @@ export const POLICY_TYPE_OPTIONS = {
value
:
'
POLICY_TYPE_SCAN_EXECUTION
'
,
text
:
s__
(
'
SecurityOrchestration|Scan execution
'
),
},
POLICY_TYPE_SCAN_RESULT
:
{
value
:
'
POLICY_TYPE_SCAN_RESULT
'
,
text
:
s__
(
'
SecurityOrchestration|Scan result
'
),
},
ALL
:
{
value
:
''
,
text
:
s__
(
'
SecurityOrchestration|All policies
'
),
...
...
ee/app/assets/javascripts/threat_monitoring/components/policies/policies_list.vue
View file @
f8846f09
...
...
@@ -14,8 +14,10 @@ import createFlash from '~/flash';
import
{
getTimeago
}
from
'
~/lib/utils/datetime_utility
'
;
import
{
setUrlFragment
,
mergeUrlParams
}
from
'
~/lib/utils/url_utility
'
;
import
{
__
,
s__
}
from
'
~/locale
'
;
import
glFeatureFlagMixin
from
'
~/vue_shared/mixins/gl_feature_flags_mixin
'
;
import
networkPoliciesQuery
from
'
../../graphql/queries/network_policies.query.graphql
'
;
import
scanExecutionPoliciesQuery
from
'
../../graphql/queries/scan_execution_policies.query.graphql
'
;
import
scanResultPoliciesQuery
from
'
../../graphql/queries/scan_result_policies.query.graphql
'
;
import
{
getPolicyType
}
from
'
../../utils
'
;
import
{
POLICY_TYPE_COMPONENT_OPTIONS
,
POLICY_TYPE_OPTIONS
}
from
'
../constants
'
;
import
EnvironmentPicker
from
'
../environment_picker.vue
'
;
...
...
@@ -57,6 +59,7 @@ export default {
directives
:
{
GlTooltip
:
GlTooltipDirective
,
},
mixins
:
[
glFeatureFlagMixin
()],
inject
:
[
'
documentationPath
'
,
'
projectPath
'
,
'
newPolicyPath
'
],
props
:
{
shouldUpdatePolicyList
:
{
...
...
@@ -100,12 +103,25 @@ export default {
},
error
:
createPolicyFetchError
,
},
scanResultPolicies
:
{
query
:
scanResultPoliciesQuery
,
variables
()
{
return
{
fullPath
:
this
.
projectPath
,
};
},
update
(
data
)
{
return
data
?.
project
?.
scanResultPolicies
?.
nodes
??
[];
},
error
:
createPolicyFetchError
,
},
},
data
()
{
return
{
selectedPolicy
:
null
,
networkPolicies
:
[],
scanExecutionPolicies
:
[],
scanResultPolicies
:
[],
selectedPolicyType
:
POLICY_TYPE_OPTIONS
.
ALL
.
value
,
};
},
...
...
@@ -113,10 +129,14 @@ export default {
...
mapState
(
'
threatMonitoring
'
,
[
'
allEnvironments
'
,
'
currentEnvironmentId
'
,
'
hasEnvironment
'
]),
...
mapGetters
(
'
threatMonitoring
'
,
[
'
currentEnvironmentGid
'
]),
allPolicyTypes
()
{
return
{
const
allTypes
=
{
[
POLICY_TYPE_OPTIONS
.
POLICY_TYPE_NETWORK
.
value
]:
this
.
networkPolicies
,
[
POLICY_TYPE_OPTIONS
.
POLICY_TYPE_SCAN_EXECUTION
.
value
]:
this
.
scanExecutionPolicies
,
};
if
(
this
.
isFeatureEnabled
)
{
allTypes
[
POLICY_TYPE_OPTIONS
.
POLICY_TYPE_SCAN_RESULT
.
value
]
=
this
.
scanResultPolicies
;
}
return
allTypes
;
},
documentationFullPath
()
{
return
setUrlFragment
(
this
.
documentationPath
,
'
container-network-policy
'
);
...
...
@@ -141,7 +161,8 @@ export default {
isLoadingPolicies
()
{
return
(
this
.
$apollo
.
queries
.
networkPolicies
.
loading
||
this
.
$apollo
.
queries
.
scanExecutionPolicies
.
loading
this
.
$apollo
.
queries
.
scanExecutionPolicies
.
loading
||
this
.
$apollo
.
queries
.
scanResultPolicies
.
loading
);
},
hasSelectedPolicy
()
{
...
...
@@ -207,11 +228,15 @@ export default {
return
fields
;
},
isFeatureEnabled
()
{
return
this
.
glFeatures
.
scanResultPolicy
;
},
},
watch
:
{
shouldUpdatePolicyList
(
newShouldUpdatePolicyList
)
{
if
(
newShouldUpdatePolicyList
)
{
this
.
$apollo
.
queries
.
scanExecutionPolicies
.
refetch
();
this
.
$apollo
.
queries
.
scanResultPolicies
.
refetch
();
this
.
$emit
(
'
update-policy-list
'
,
false
);
}
},
...
...
ee/app/assets/javascripts/threat_monitoring/components/policy_type_filter.vue
View file @
f8846f09
<
script
>
import
{
GlFormGroup
,
GlDropdown
,
GlDropdownItem
}
from
'
@gitlab/ui
'
;
import
{
__
}
from
'
~/locale
'
;
import
glFeatureFlagMixin
from
'
~/vue_shared/mixins/gl_feature_flags_mixin
'
;
import
{
POLICY_TYPE_OPTIONS
}
from
'
./constants
'
;
export
default
{
...
...
@@ -10,6 +11,7 @@ export default {
GlDropdown
,
GlDropdownItem
,
},
mixins
:
[
glFeatureFlagMixin
()],
props
:
{
value
:
{
type
:
String
,
...
...
@@ -24,6 +26,16 @@ export default {
selectedValueText
()
{
return
Object
.
values
(
POLICY_TYPE_OPTIONS
).
find
(({
value
})
=>
value
===
this
.
value
).
text
;
},
isFeatureEnabled
()
{
return
this
.
glFeatures
.
scanResultPolicy
;
},
policyTypeOptions
()
{
const
policyType
=
POLICY_TYPE_OPTIONS
;
if
(
!
this
.
isFeatureEnabled
)
{
delete
policyType
.
POLICY_TYPE_SCAN_RESULT
;
}
return
policyType
;
},
},
methods
:
{
setPolicyType
({
value
})
{
...
...
@@ -51,7 +63,7 @@ export default {
:text=
"selectedValueText"
>
<gl-dropdown-item
v-for=
"option in
$options.POLICY_TYPE_OPTIONS
"
v-for=
"option in
policyTypeOptions
"
:key=
"option.value"
:data-testid=
"`policy-type-$
{option.value}-option`"
@click="setPolicyType(option)"
...
...
ee/app/assets/javascripts/threat_monitoring/graphql/queries/scan_result_policies.query.graphql
0 → 100644
View file @
f8846f09
query
scanResultPolicies
(
$fullPath
:
ID
!)
{
project
(
fullPath
:
$fullPath
)
{
id
scanResultPolicies
{
nodes
{
name
yaml
enabled
updatedAt
}
}
}
}
ee/app/assets/javascripts/threat_monitoring/utils.js
View file @
f8846f09
...
...
@@ -25,6 +25,9 @@ export const getPolicyType = (typeName = '') => {
if
(
typeName
===
POLICY_TYPE_COMPONENT_OPTIONS
.
scanExecution
.
typeName
)
{
return
POLICY_TYPE_COMPONENT_OPTIONS
.
scanExecution
.
value
;
}
if
(
typeName
===
POLICY_TYPE_COMPONENT_OPTIONS
.
scanResult
.
typeName
)
{
return
POLICY_TYPE_COMPONENT_OPTIONS
.
scanResult
.
value
;
}
return
null
;
};
...
...
ee/spec/frontend/threat_monitoring/components/policies/policies_list_spec.js
View file @
f8846f09
...
...
@@ -8,15 +8,21 @@ import PolicyDrawer from 'ee/threat_monitoring/components/policy_drawer/policy_d
import
{
PREDEFINED_NETWORK_POLICIES
}
from
'
ee/threat_monitoring/constants
'
;
import
networkPoliciesQuery
from
'
ee/threat_monitoring/graphql/queries/network_policies.query.graphql
'
;
import
scanExecutionPoliciesQuery
from
'
ee/threat_monitoring/graphql/queries/scan_execution_policies.query.graphql
'
;
import
scanResultPoliciesQuery
from
'
ee/threat_monitoring/graphql/queries/scan_result_policies.query.graphql
'
;
import
createStore
from
'
ee/threat_monitoring/store
'
;
import
createMockApollo
from
'
helpers/mock_apollo_helper
'
;
import
{
stubComponent
}
from
'
helpers/stub_component
'
;
import
{
mountExtended
,
shallowMountExtended
}
from
'
helpers/vue_test_utils_helper
'
;
import
waitForPromises
from
'
helpers/wait_for_promises
'
;
import
{
networkPolicies
,
scanExecutionPolicies
}
from
'
../../mocks/mock_apollo
'
;
import
{
networkPolicies
,
scanExecutionPolicies
,
scanResultPolicies
,
}
from
'
../../mocks/mock_apollo
'
;
import
{
mockNetworkPoliciesResponse
,
mockScanExecutionPoliciesResponse
,
mockScanResultPoliciesResponse
,
}
from
'
../../mocks/mock_data
'
;
const
localVue
=
createLocalVue
();
...
...
@@ -35,9 +41,11 @@ const environments = [
];
const
networkPoliciesSpy
=
networkPolicies
(
mockNetworkPoliciesResponse
);
const
scanExecutionPoliciesSpy
=
scanExecutionPolicies
(
mockScanExecutionPoliciesResponse
);
const
scanResultPoliciesSpy
=
scanResultPolicies
(
mockScanResultPoliciesResponse
);
const
defaultRequestHandlers
=
{
networkPolicies
:
networkPoliciesSpy
,
scanExecutionPolicies
:
scanExecutionPoliciesSpy
,
scanResultPolicies
:
scanResultPoliciesSpy
,
};
const
pendingHandler
=
jest
.
fn
(()
=>
new
Promise
(()
=>
{}));
...
...
@@ -81,10 +89,12 @@ describe('PoliciesList component', () => {
documentationPath
:
'
path/to/docs
'
,
newPolicyPath
:
'
path/to/policy
'
,
projectPath
:
fullPath
,
glFeatures
:
{
scanResultPolicy
:
true
},
},
apolloProvider
:
createMockApollo
([
[
networkPoliciesQuery
,
requestHandlers
.
networkPolicies
],
[
scanExecutionPoliciesQuery
,
requestHandlers
.
scanExecutionPolicies
],
[
scanResultPoliciesQuery
,
requestHandlers
.
scanResultPolicies
],
]),
stubs
:
{
PolicyDrawer
:
stubComponent
(
PolicyDrawer
,
{
...
...
@@ -163,7 +173,7 @@ describe('PoliciesList component', () => {
});
it
(
'
does render default network policies
'
,
()
=>
{
expect
(
findPolicyStatusCells
()).
toHaveLength
(
5
);
expect
(
findPolicyStatusCells
()).
toHaveLength
(
6
);
});
it
(
'
fetches network policies on environment change
'
,
async
()
=>
{
...
...
@@ -190,9 +200,10 @@ describe('PoliciesList component', () => {
describe
.
each
`
rowIndex | expectedPolicyName | expectedPolicyType
${
1
}
|
${
mockScanExecutionPoliciesResponse
[
0
].
name
}
|
${
'
Scan execution
'
}
${
3
}
|
${
mockNetworkPoliciesResponse
[
0
].
name
}
|
${
'
Network
'
}
${
4
}
|
${
PREDEFINED_NETWORK_POLICIES
[
0
].
name
}
|
${
'
Network
'
}
${
5
}
|
${
PREDEFINED_NETWORK_POLICIES
[
1
].
name
}
|
${
'
Network
'
}
${
2
}
|
${
mockScanResultPoliciesResponse
[
0
].
name
}
|
${
'
Scan result
'
}
${
3
}
|
${
mockNetworkPoliciesResponse
[
1
].
name
}
|
${
'
Network
'
}
${
4
}
|
${
mockNetworkPoliciesResponse
[
0
].
name
}
|
${
'
Network
'
}
${
5
}
|
${
PREDEFINED_NETWORK_POLICIES
[
0
].
name
}
|
${
'
Network
'
}
`
(
'
policy in row #$rowIndex
'
,
({
rowIndex
,
expectedPolicyName
,
expectedPolicyType
})
=>
{
let
row
;
...
...
@@ -211,8 +222,9 @@ describe('PoliciesList component', () => {
it
.
each
`
description | filterBy | hiddenTypes
${
'
network
'
}
|
${
POLICY_TYPE_OPTIONS
.
POLICY_TYPE_NETWORK
}
|
${[
POLICY_TYPE_OPTIONS
.
POLICY_TYPE_SCAN_EXECUTION
]}
${
'
scan execution
'
}
|
${
POLICY_TYPE_OPTIONS
.
POLICY_TYPE_SCAN_EXECUTION
}
|
${[
POLICY_TYPE_OPTIONS
.
POLICY_TYPE_NETWORK
]}
${
'
network
'
}
|
${
POLICY_TYPE_OPTIONS
.
POLICY_TYPE_NETWORK
}
|
${[
POLICY_TYPE_OPTIONS
.
POLICY_TYPE_SCAN_EXECUTION
,
POLICY_TYPE_OPTIONS
.
POLICY_TYPE_SCAN_RESULT
]}
${
'
scan execution
'
}
|
${
POLICY_TYPE_OPTIONS
.
POLICY_TYPE_SCAN_EXECUTION
}
|
${[
POLICY_TYPE_OPTIONS
.
POLICY_TYPE_NETWORK
,
POLICY_TYPE_OPTIONS
.
POLICY_TYPE_SCAN_RESULT
]}
${
'
scan result
'
}
|
${
POLICY_TYPE_OPTIONS
.
POLICY_TYPE_SCAN_RESULT
}
|
${[
POLICY_TYPE_OPTIONS
.
POLICY_TYPE_NETWORK
,
POLICY_TYPE_OPTIONS
.
POLICY_TYPE_SCAN_EXECUTION
]}
`
(
'
policies filtered by $description type
'
,
async
({
filterBy
,
hiddenTypes
})
=>
{
findPolicyTypeFilter
().
vm
.
$emit
(
'
input
'
,
filterBy
.
value
);
await
wrapper
.
vm
.
$nextTick
();
...
...
@@ -258,7 +270,7 @@ describe('PoliciesList component', () => {
});
it
(
'
renders a "Disabled" label for screen readers for disabled policies
'
,
()
=>
{
const
span
=
findPolicyStatusCells
().
at
(
3
).
find
(
'
span
'
);
const
span
=
findPolicyStatusCells
().
at
(
4
).
find
(
'
span
'
);
expect
(
span
.
exists
()).
toBe
(
true
);
expect
(
span
.
attributes
(
'
class
'
)).
toBe
(
'
gl-sr-only
'
);
...
...
@@ -284,6 +296,7 @@ describe('PoliciesList component', () => {
${
PREDEFINED_NETWORK_POLICIES
[
0
].
name
}
|
${
PREDEFINED_NETWORK_POLICIES
[
0
]}
|
${
'
container
'
}
|
${
'
path/to/policy?environment_id=2&type=container_policy&kind=CiliumNetworkPolicy
'
}
${
PREDEFINED_NETWORK_POLICIES
[
1
].
name
}
|
${
PREDEFINED_NETWORK_POLICIES
[
1
]}
|
${
'
container
'
}
|
${
'
path/to/policy?environment_id=2&type=container_policy&kind=CiliumNetworkPolicy
'
}
${
'
scan execution
'
}
|
${
mockScanExecutionPoliciesResponse
[
0
]}
|
${
'
scanExecution
'
}
|
${
'
path/to/policy?environment_id=2&type=scan_execution_policy
'
}
${
'
scan result
'
}
|
${
mockScanResultPoliciesResponse
[
0
]}
|
${
'
scanResult
'
}
|
${
'
path/to/policy?environment_id=2&type=scan_result_policy
'
}
`
(
'
given there is a $description policy selected
'
,
({
policy
,
policyType
,
editPolicyPath
})
=>
{
beforeEach
(()
=>
{
mountShallowWrapper
();
...
...
@@ -331,7 +344,7 @@ describe('PoliciesList component', () => {
});
it
(
'
does not render default network policies
'
,
()
=>
{
expect
(
findPolicyStatusCells
()).
toHaveLength
(
1
);
expect
(
findPolicyStatusCells
()).
toHaveLength
(
2
);
});
});
});
ee/spec/frontend/threat_monitoring/mocks/mock_apollo.js
View file @
f8846f09
...
...
@@ -57,6 +57,18 @@ export const scanExecutionPolicies = (nodes) =>
},
});
export
const
scanResultPolicies
=
(
nodes
)
=>
jest
.
fn
().
mockResolvedValue
({
data
:
{
project
:
{
id
:
'
3
'
,
scanResultPolicies
:
{
nodes
,
},
},
},
});
export
const
mockLinkSecurityPolicyProjectResponses
=
{
success
:
jest
.
fn
().
mockResolvedValue
({
data
:
{
securityPolicyProjectAssign
:
{
errors
:
[]
}
}
}),
failure
:
jest
...
...
ee/spec/frontend/threat_monitoring/mocks/mock_data.js
View file @
f8846f09
...
...
@@ -200,8 +200,40 @@ export const mockScanExecutionPolicy = {
latestScan
:
{
date
:
new
Date
(
'
2021-06-07T00:00:00.000Z
'
),
pipelineUrl
:
'
path/to/pipeline
'
},
};
export
const
mockScanResultManifest
=
`type: scan_execution_policy
name: critical vulnerability CS approvals
description: This policy enforces critical vulnerability CS approvals
enabled: true
rules:
- type: scan_finding
branches:
- master
scanners:
- container_scanning
vulnerability_allowed: 1
severity_levels:
- critical
vulnerability_states:
- newly_added
actions:
- type: require_approval
approvals_required: 1
user_approvers:
- the.one
`
;
export
const
mockScanResultPolicy
=
{
__typename
:
'
ScanResultPolicy
'
,
name
:
'
critical vulnerability CS approvals
'
,
updatedAt
:
new
Date
(
'
2021-06-07T00:00:00.000Z
'
),
yaml
:
mockScanResultManifest
,
enabled
:
true
,
};
export
const
mockScanExecutionPoliciesResponse
=
[
mockScanExecutionPolicy
];
export
const
mockScanResultPoliciesResponse
=
[
mockScanResultPolicy
];
export
const
mockNominalHistory
=
[
[
'
2019-12-04T00:00:00.000Z
'
,
56
],
[
'
2019-12-05T00:00:00.000Z
'
,
2647
],
...
...
locale/gitlab.pot
View file @
f8846f09
...
...
@@ -31597,12 +31597,18 @@ msgstr ""
msgid "SecurityOrchestration|Scan Execution"
msgstr ""
msgid "SecurityOrchestration|Scan Result"
msgstr ""
msgid "SecurityOrchestration|Scan execution"
msgstr ""
msgid "SecurityOrchestration|Scan execution policies can only be created by project owners."
msgstr ""
msgid "SecurityOrchestration|Scan result"
msgstr ""
msgid "SecurityOrchestration|Scan to be performed %{cadence}"
msgstr ""
...
...
Write
Preview
Markdown
is supported
0%
Try again
or
attach a new file
Attach a file
Cancel
You are about to add
0
people
to the discussion. Proceed with caution.
Finish editing this message first!
Cancel
Please
register
or
sign in
to comment