Commit fd1f8554 authored by Mark Florian's avatar Mark Florian Committed by Martin Wortschack

Remove feature flag and update documentation

This removes the sast_configuration_ui_analyzers feature flag and
associated code paths, and updates the documentation.

Addresses https://gitlab.com/gitlab-org/gitlab/-/issues/238602
parent e085c9cf
...@@ -147,6 +147,7 @@ always take the latest SAST artifact available. ...@@ -147,6 +147,7 @@ always take the latest SAST artifact available.
> - [Introduced](https://gitlab.com/groups/gitlab-org/-/epics/3659) in GitLab Ultimate 13.3. > - [Introduced](https://gitlab.com/groups/gitlab-org/-/epics/3659) in GitLab Ultimate 13.3.
> - [Improved](https://gitlab.com/gitlab-org/gitlab/-/issues/232862) in GitLab Ultimate 13.4. > - [Improved](https://gitlab.com/gitlab-org/gitlab/-/issues/232862) in GitLab Ultimate 13.4.
> - [Improved](https://gitlab.com/groups/gitlab-org/-/epics/3635) in GitLab Ultimate 13.5.
You can enable and configure SAST with a basic configuration using the **SAST Configuration** You can enable and configure SAST with a basic configuration using the **SAST Configuration**
page: page:
...@@ -154,9 +155,11 @@ page: ...@@ -154,9 +155,11 @@ page:
1. From the project's home page, go to **Security & Compliance** > **Configuration** in the 1. From the project's home page, go to **Security & Compliance** > **Configuration** in the
left sidebar. left sidebar.
1. If the project does not have a `gitlab-ci.yml` file, click **Enable** in the Static Application Security Testing (SAST) row, otherwise click **Configure**. 1. If the project does not have a `gitlab-ci.yml` file, click **Enable** in the Static Application Security Testing (SAST) row, otherwise click **Configure**.
1. Enter the custom SAST values, then click **Create Merge Request**. 1. Enter the custom SAST values.
Custom values are stored in the `.gitlab-ci.yml` file. For variables not in the SAST Configuration page, their values are left unchanged. Default values are inherited from the GitLab SAST template. Custom values are stored in the `.gitlab-ci.yml` file. For variables not in the SAST Configuration page, their values are left unchanged. Default values are inherited from the GitLab SAST template.
1. Optionally, expand the **SAST analyzers** section, select individual [SAST analyzers](./analyzers.md) and enter custom analyzer values.
1. Click **Create Merge Request**.
1. Review and merge the merge request. 1. Review and merge the merge request.
### Customizing the SAST settings ### Customizing the SAST settings
......
...@@ -3,7 +3,6 @@ import { GlAlert, GlLink, GlLoadingIcon, GlSprintf } from '@gitlab/ui'; ...@@ -3,7 +3,6 @@ import { GlAlert, GlLink, GlLoadingIcon, GlSprintf } from '@gitlab/ui';
import { s__ } from '~/locale'; import { s__ } from '~/locale';
import glFeatureFlagsMixin from '~/vue_shared/mixins/gl_feature_flags_mixin'; import glFeatureFlagsMixin from '~/vue_shared/mixins/gl_feature_flags_mixin';
import sastCiConfigurationQuery from '../graphql/sast_ci_configuration.query.graphql'; import sastCiConfigurationQuery from '../graphql/sast_ci_configuration.query.graphql';
import sastCiConfigurationWithAnalyzersQuery from '../graphql/sast_ci_configuration_with_analyzers.query.graphql';
import ConfigurationForm from './configuration_form.vue'; import ConfigurationForm from './configuration_form.vue';
export default { export default {
...@@ -27,11 +26,7 @@ export default { ...@@ -27,11 +26,7 @@ export default {
}, },
apollo: { apollo: {
sastCiConfiguration: { sastCiConfiguration: {
query() { query: sastCiConfigurationQuery,
return this.glFeatures.sastConfigurationUiAnalyzers
? sastCiConfigurationWithAnalyzersQuery
: sastCiConfigurationQuery;
},
variables() { variables() {
return { return {
fullPath: this.projectPath, fullPath: this.projectPath,
......
...@@ -4,7 +4,6 @@ import * as Sentry from '@sentry/browser'; ...@@ -4,7 +4,6 @@ import * as Sentry from '@sentry/browser';
import { cloneDeep } from 'lodash'; import { cloneDeep } from 'lodash';
import { __, s__ } from '~/locale'; import { __, s__ } from '~/locale';
import { redirectTo } from '~/lib/utils/url_utility'; import { redirectTo } from '~/lib/utils/url_utility';
import glFeatureFlagsMixin from '~/vue_shared/mixins/gl_feature_flags_mixin';
import AnalyzerConfiguration from './analyzer_configuration.vue'; import AnalyzerConfiguration from './analyzer_configuration.vue';
import DynamicFields from './dynamic_fields.vue'; import DynamicFields from './dynamic_fields.vue';
import ExpandableSection from './expandable_section.vue'; import ExpandableSection from './expandable_section.vue';
...@@ -24,7 +23,6 @@ export default { ...@@ -24,7 +23,6 @@ export default {
GlIcon, GlIcon,
GlLink, GlLink,
}, },
mixins: [glFeatureFlagsMixin()],
inject: { inject: {
createSastMergeRequestPath: { createSastMergeRequestPath: {
from: 'createSastMergeRequestPath', from: 'createSastMergeRequestPath',
...@@ -54,18 +52,14 @@ export default { ...@@ -54,18 +52,14 @@ export default {
return { return {
globalConfiguration: cloneDeep(this.sastCiConfiguration.global.nodes), globalConfiguration: cloneDeep(this.sastCiConfiguration.global.nodes),
pipelineConfiguration: cloneDeep(this.sastCiConfiguration.pipeline.nodes), pipelineConfiguration: cloneDeep(this.sastCiConfiguration.pipeline.nodes),
analyzersConfiguration: this.glFeatures.sastConfigurationUiAnalyzers analyzersConfiguration: cloneDeep(this.sastCiConfiguration.analyzers.nodes),
? cloneDeep(this.sastCiConfiguration.analyzers.nodes)
: [],
hasSubmissionError: false, hasSubmissionError: false,
isSubmitting: false, isSubmitting: false,
}; };
}, },
computed: { computed: {
shouldRenderAnalyzersSection() { shouldRenderAnalyzersSection() {
return Boolean( return this.analyzersConfiguration.length > 0;
this.glFeatures.sastConfigurationUiAnalyzers && this.analyzersConfiguration.length > 0,
);
}, },
}, },
methods: { methods: {
...@@ -100,18 +94,11 @@ export default { ...@@ -100,18 +94,11 @@ export default {
}); });
}, },
getMutationConfiguration() { getMutationConfiguration() {
const configuration = { return {
global: this.globalConfiguration.map(toSastCiConfigurationEntityInput), global: this.globalConfiguration.map(toSastCiConfigurationEntityInput),
pipeline: this.pipelineConfiguration.map(toSastCiConfigurationEntityInput), pipeline: this.pipelineConfiguration.map(toSastCiConfigurationEntityInput),
analyzers: this.analyzersConfiguration.map(toSastCiConfigurationAnalyzerEntityInput),
}; };
if (this.glFeatures.sastConfigurationUiAnalyzers) {
configuration.analyzers = this.analyzersConfiguration.map(
toSastCiConfigurationAnalyzerEntityInput,
);
}
return configuration;
}, },
onAnalyzerChange(name, updatedAnalyzer) { onAnalyzerChange(name, updatedAnalyzer) {
const index = this.analyzersConfiguration.findIndex(analyzer => analyzer.name === name); const index = this.analyzersConfiguration.findIndex(analyzer => analyzer.name === name);
......
#import "./sast_ci_configuration_entity.fragment.graphql"
fragment SastCiConfigurationFragment on SastCiConfiguration {
global {
nodes {
...SastCiConfigurationEntityFragment
}
}
pipeline {
nodes {
...SastCiConfigurationEntityFragment
}
}
}
#import "./sast_ci_configuration.fragment.graphql" #import "./sast_ci_configuration_entity.fragment.graphql"
query sastCiConfiguration($fullPath: ID!) { query sastCiConfiguration($fullPath: ID!) {
project(fullPath: $fullPath) { project(fullPath: $fullPath) {
sastCiConfiguration { sastCiConfiguration {
...SastCiConfigurationFragment global {
nodes {
...SastCiConfigurationEntityFragment
}
}
pipeline {
nodes {
...SastCiConfigurationEntityFragment
}
}
analyzers {
nodes {
description
enabled
label
name
variables {
nodes {
...SastCiConfigurationEntityFragment
}
}
}
}
} }
} }
} }
#import "./sast_ci_configuration.fragment.graphql"
#import "./sast_ci_configuration_entity.fragment.graphql"
query sastCiConfiguration($fullPath: ID!) {
project(fullPath: $fullPath) {
sastCiConfiguration {
...SastCiConfigurationFragment
analyzers {
nodes {
description
enabled
label
name
variables {
nodes {
...SastCiConfigurationEntityFragment
}
}
}
}
}
}
}
...@@ -11,10 +11,6 @@ module Projects ...@@ -11,10 +11,6 @@ module Projects
before_action :ensure_sast_configuration_enabled!, except: [:create] before_action :ensure_sast_configuration_enabled!, except: [:create]
before_action :authorize_edit_tree!, only: [:create] before_action :authorize_edit_tree!, only: [:create]
before_action only: [:show] do
push_frontend_feature_flag(:sast_configuration_ui_analyzers, project)
end
def show def show
end end
......
---
title: Expose analyzer configuration in SAST Configuration UI
merge_request: 42593
author:
type: added
---
name: sast_configuration_ui_analyzers
introduced_by_url: https://gitlab.com/gitlab-org/gitlab/-/merge_requests/42214
rollout_issue_url: https://gitlab.com/gitlab-org/gitlab/-/issues/238602
group: group::static analysis
type: development
default_enabled: false
...@@ -71,7 +71,7 @@ describe('ConfigurationForm component', () => { ...@@ -71,7 +71,7 @@ describe('ConfigurationForm component', () => {
const findAnalyzerConfigurations = () => wrapper.findAll(AnalyzerConfiguration); const findAnalyzerConfigurations = () => wrapper.findAll(AnalyzerConfiguration);
const findAnalyzersSection = () => wrapper.find('[data-testid="analyzers-section"]'); const findAnalyzersSection = () => wrapper.find('[data-testid="analyzers-section"]');
const expectPayloadForEntities = ({ withAnalyzers = false } = {}) => { const expectPayloadForEntities = () => {
const expectedPayload = { const expectedPayload = {
mutation: configureSastMutation, mutation: configureSastMutation,
variables: { variables: {
...@@ -92,27 +92,24 @@ describe('ConfigurationForm component', () => { ...@@ -92,27 +92,24 @@ describe('ConfigurationForm component', () => {
value: 'value1', value: 'value1',
}, },
], ],
analyzers: [
{
name: 'nameValue0',
enabled: true,
variables: [
{
field: 'field2',
defaultValue: 'defaultValue2',
value: 'value2',
},
],
},
],
}, },
}, },
}, },
}; };
if (withAnalyzers) {
expectedPayload.variables.input.configuration.analyzers = [
{
name: 'nameValue0',
enabled: true,
variables: [
{
field: 'field2',
defaultValue: 'defaultValue2',
value: 'value2',
},
],
},
];
}
expect(wrapper.vm.$apollo.mutate.mock.calls).toEqual([[expectedPayload]]); expect(wrapper.vm.$apollo.mutate.mock.calls).toEqual([[expectedPayload]]);
}; };
...@@ -162,67 +159,50 @@ describe('ConfigurationForm component', () => { ...@@ -162,67 +159,50 @@ describe('ConfigurationForm component', () => {
}); });
describe('the analyzers section', () => { describe('the analyzers section', () => {
describe('given the sastConfigurationUiAnalyzers feature flag is disabled', () => { beforeEach(() => {
beforeEach(() => { createComponent({
createComponent(); stubs: {
ExpandableSection,
},
}); });
});
it('does not render', () => { it('renders', () => {
expect(findAnalyzersSection().exists()).toBe(false); const analyzersSection = findAnalyzersSection();
}); expect(analyzersSection.exists()).toBe(true);
expect(analyzersSection.text()).toContain(ConfigurationForm.i18n.analyzersHeading);
expect(analyzersSection.text()).toContain(ConfigurationForm.i18n.analyzersSubHeading);
}); });
describe('given the sastConfigurationUiAnalyzers feature flag is enabled', () => { it('has a link to the documentation', () => {
beforeEach(() => { const link = findAnalyzersSection().find(GlLink);
createComponent({ expect(link.exists()).toBe(true);
provide: { expect(link.attributes('href')).toBe(sastAnalyzersDocumentationPath);
glFeatures: { });
sastConfigurationUiAnalyzers: true,
},
},
stubs: {
ExpandableSection,
},
});
});
it('renders', () => { it('renders each analyzer', () => {
const analyzersSection = findAnalyzersSection(); const analyzerEntities = sastCiConfiguration.analyzers.nodes;
expect(analyzersSection.exists()).toBe(true); const analyzerComponents = findAnalyzerConfigurations();
expect(analyzersSection.text()).toContain(ConfigurationForm.i18n.analyzersHeading); analyzerEntities.forEach((entity, i) => {
expect(analyzersSection.text()).toContain(ConfigurationForm.i18n.analyzersSubHeading); expect(analyzerComponents.at(i).props()).toEqual({ entity });
}); });
});
it('has a link to the documentation', () => { describe('when an AnalyzerConfiguration emits an input event', () => {
const link = findAnalyzersSection().find(GlLink); let analyzer;
expect(link.exists()).toBe(true); let updatedEntity;
expect(link.attributes('href')).toBe(sastAnalyzersDocumentationPath);
});
it('renders each analyzer', () => { beforeEach(() => {
const analyzerEntities = sastCiConfiguration.analyzers.nodes; analyzer = findAnalyzerConfigurations().at(0);
const analyzerComponents = findAnalyzerConfigurations(); updatedEntity = {
analyzerEntities.forEach((entity, i) => { ...sastCiConfiguration.analyzers.nodes[0],
expect(analyzerComponents.at(i).props()).toEqual({ entity }); value: 'new value',
}); };
analyzer.vm.$emit('input', updatedEntity);
}); });
describe('when an AnalyzerConfiguration emits an input event', () => { it('updates the entity binding', () => {
let analyzer; expect(analyzer.props('entity')).toBe(updatedEntity);
let updatedEntity;
beforeEach(() => {
analyzer = findAnalyzerConfigurations().at(0);
updatedEntity = {
...sastCiConfiguration.analyzers.nodes[0],
value: 'new value',
};
analyzer.vm.$emit('input', updatedEntity);
});
it('updates the entity binding', () => {
expect(analyzer.props('entity')).toBe(updatedEntity);
});
}); });
}); });
}); });
...@@ -233,126 +213,107 @@ describe('ConfigurationForm component', () => { ...@@ -233,126 +213,107 @@ describe('ConfigurationForm component', () => {
}); });
describe.each` describe.each`
context | successPath | errors | sastConfigurationUiAnalyzers context | successPath | errors
${'no successPath'} | ${''} | ${[]} | ${false} ${'no successPath'} | ${''} | ${[]}
${'any errors'} | ${''} | ${['an error']} | ${false} ${'any errors'} | ${''} | ${['an error']}
${'no successPath'} | ${''} | ${[]} | ${true} `('given an unsuccessful endpoint response due to $context', ({ successPath, errors }) => {
${'any errors'} | ${''} | ${['an error']} | ${true} beforeEach(() => {
`( createComponent({
'given an unsuccessful endpoint response due to $context', mutationResult: {
({ successPath, errors, sastConfigurationUiAnalyzers }) => { successPath,
beforeEach(() => { errors,
createComponent({ },
mutationResult: { });
successPath,
errors, findForm().trigger('submit');
}, });
provide: {
glFeatures: { sastConfigurationUiAnalyzers }, it('includes the value of each entity in the payload', () => {
}, expectPayloadForEntities();
}); });
findForm().trigger('submit'); it(`sets the submit button's loading prop to true`, () => {
expect(findSubmitButton().props('loading')).toBe(true);
});
describe('after async tasks', () => {
beforeEach(fulfillPendingPromises);
it('does not call redirectTo', () => {
expect(redirectTo).not.toHaveBeenCalled();
}); });
it('includes the value of each entity in the payload', () => { it('displays an alert message', () => {
expectPayloadForEntities({ withAnalyzers: sastConfigurationUiAnalyzers }); expect(findErrorAlert().exists()).toBe(true);
}); });
it(`sets the submit button's loading prop to true`, () => { it('sends the error to Sentry', () => {
expect(findSubmitButton().props('loading')).toBe(true); expect(Sentry.captureException.mock.calls).toMatchObject([
[{ message: expect.stringMatching(/merge request.*fail/) }],
]);
}); });
describe('after async tasks', () => { it(`sets the submit button's loading prop to false`, () => {
beforeEach(fulfillPendingPromises); expect(findSubmitButton().props('loading')).toBe(false);
});
it('does not call redirectTo', () => { describe('submitting again after a previous error', () => {
expect(redirectTo).not.toHaveBeenCalled(); beforeEach(() => {
findForm().trigger('submit');
}); });
it('displays an alert message', () => { it('hides the alert message', () => {
expect(findErrorAlert().exists()).toBe(true); expect(findErrorAlert().exists()).toBe(false);
}); });
});
});
});
it('sends the error to Sentry', () => { describe('given a successful endpoint response', () => {
expect(Sentry.captureException.mock.calls).toMatchObject([ beforeEach(() => {
[{ message: expect.stringMatching(/merge request.*fail/) }], createComponent({
]); mutationResult: {
}); successPath: newMergeRequestPath,
errors: [],
},
});
it(`sets the submit button's loading prop to false`, () => { findForm().trigger('submit');
expect(findSubmitButton().props('loading')).toBe(false); });
});
describe('submitting again after a previous error', () => { it('includes the value of each entity in the payload', () => {
beforeEach(() => { expectPayloadForEntities();
findForm().trigger('submit'); });
});
it('hides the alert message', () => { it(`sets the submit button's loading prop to true`, () => {
expect(findErrorAlert().exists()).toBe(false); expect(findSubmitButton().props().loading).toBe(true);
}); });
});
});
},
);
describe.each([true, false])( describe('after async tasks', () => {
'given a successful endpoint response with sastConfigurationUiAnalyzers = %p', beforeEach(fulfillPendingPromises);
sastConfigurationUiAnalyzers => {
beforeEach(() => {
createComponent({
mutationResult: {
successPath: newMergeRequestPath,
errors: [],
},
provide: {
glFeatures: { sastConfigurationUiAnalyzers },
},
});
findForm().trigger('submit'); it('calls redirectTo', () => {
expect(redirectTo).toHaveBeenCalledWith(newMergeRequestPath);
}); });
// See https://github.com/jest-community/eslint-plugin-jest/issues/229 it('does not display an alert message', () => {
// for a similar reason for disabling the rule on the next line expect(findErrorAlert().exists()).toBe(false);
// eslint-disable-next-line jest/no-identical-title
it('includes the value of each entity in the payload', () => {
expectPayloadForEntities({ withAnalyzers: sastConfigurationUiAnalyzers });
}); });
// eslint-disable-next-line jest/no-identical-title it('does not call Sentry.captureException', () => {
it(`sets the submit button's loading prop to true`, () => { expect(Sentry.captureException).not.toHaveBeenCalled();
expect(findSubmitButton().props().loading).toBe(true);
}); });
// eslint-disable-next-line jest/no-identical-title it('keeps the loading prop set to true', () => {
describe('after async tasks', () => { // This is done for UX reasons. If the loading prop is set to false
beforeEach(fulfillPendingPromises); // on success, then there's a period where the button is clickable
// again. Instead, we want the button to display a loading indicator
it('calls redirectTo', () => { // for the remainder of the lifetime of the page (i.e., until the
expect(redirectTo).toHaveBeenCalledWith(newMergeRequestPath); // browser can start painting the new page it's been redirected to).
}); expect(findSubmitButton().props().loading).toBe(true);
it('does not display an alert message', () => {
expect(findErrorAlert().exists()).toBe(false);
});
it('does not call Sentry.captureException', () => {
expect(Sentry.captureException).not.toHaveBeenCalled();
});
it('keeps the loading prop set to true', () => {
// This is done for UX reasons. If the loading prop is set to false
// on success, then there's a period where the button is clickable
// again. Instead, we want the button to display a loading indicator
// for the remainder of the lifetime of the page (i.e., until the
// browser can start painting the new page it's been redirected to).
expect(findSubmitButton().props().loading).toBe(true);
});
}); });
}, });
); });
}); });
describe('the cancel button', () => { describe('the cancel button', () => {
......
Markdown is supported
0%
or
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment