Move security policy yaml in specs to factory

This commit moves the hardcoded policy yaml content in specs into a new factory. This commit is a follow-up from https://gitlab.com/gitlab-org/gitlab/-/merge_requests/69108.

Move security policy yaml in specs to factory
This commit moves the hardcoded policy yaml content in specs into a new factory. This commit is a follow-up from https://gitlab.com/gitlab-org/gitlab/-/merge_requests/69108.
07826546 · Sashi Kumar Kumaresan · Andy Soiron · 1e0dcf3a · 07826546 · 07826546
Commit 07826546 authored Sep 01, 2021 by Sashi Kumar Kumaresan Committed by Andy Soiron Sep 01, 2021
9 changed files
--- a/ee/spec/graphql/mutations/security_policy/commit_scan_execution_policy_spec.rb
+++ b/ee/spec/graphql/mutations/security_policy/commit_scan_execution_policy_spec.rb
@@ -10,22 +10,7 @@ RSpec.describe Mutations::SecurityPolicy::CommitScanExecutionPolicy do
    let_it_be(:policy_management_project) { create(:project, :repository, namespace: user.namespace) }
    let_it_be(:policy_configuration) { create(:security_orchestration_policy_configuration, security_policy_management_project: policy_management_project, project: project) }
    let_it_be(:operation_mode) { Types::MutationOperationModeEnum.enum[:append] }
-    let_it_be(:policy_yaml) do
+    let_it_be(:policy_yaml) { build(:scan_execution_policy).merge(type: 'scan_execution_policy').to_yaml }
-      <<-EOS
-        name: Run DAST in every pipeline
-        type: scan_execution_policy
-        description: This policy enforces to run DAST for every pipeline within the project
-        enabled: true
-        rules:
-        - type: pipeline
-          branches:
-          - "production"
-        actions:
-        - scan: dast
-          site_profile: Site Profile
-          scanner_profile: Scanner Profile
-      EOS
-    end
    subject { mutation.resolve(project_path: project.full_path, policy_yaml: policy_yaml, operation_mode: operation_mode) }

--- a/ee/spec/graphql/resolvers/scan_execution_policy_resolver_spec.rb
+++ b/ee/spec/graphql/resolvers/scan_execution_policy_resolver_spec.rb
@@ -11,17 +11,8 @@ RSpec.describe Resolvers::ScanExecutionPolicyResolver do
  let_it_be(:policy_last_updated_at) { Time.now }
  let_it_be(:user) { policy_management_project.owner }
-  let_it_be(:policy) do
+  let(:policy) { build(:scan_execution_policy, name: 'Run DAST in every pipeline') }
-    {
+  let(:policy_yaml) { build(:scan_execution_policy_yaml, policies: [policy]) }
-      name: 'Run DAST in every pipeline',
-      description: 'This policy enforces to run DAST for every pipeline within the project',
-      enabled: true,
-      rules: [{ type: 'pipeline', branches: %w[production] }],
-      actions: [
-        { scan: 'dast', site_profile: 'Site Profile', scanner_profile: 'Scanner Profile' }
-      ]
-    }
-  end
  let(:repository) { instance_double(Repository, root_ref: 'master') }
@@ -33,7 +24,7 @@ RSpec.describe Resolvers::ScanExecutionPolicyResolver do
      commit.committed_date = policy_last_updated_at
      allow(policy_management_project).to receive(:repository).and_return(repository)
      allow(repository).to receive(:last_commit_for_path).and_return(commit)
-      allow(repository).to receive(:blob_data_at).and_return({ scan_execution_policy: [policy] }.to_yaml)
+      allow(repository).to receive(:blob_data_at).and_return(policy_yaml)
    end
    context 'when feature is not licensed' do

--- a/ee/spec/graphql/types/dast_scanner_profile_type_spec.rb
+++ b/ee/spec/graphql/types/dast_scanner_profile_type_spec.rb
@@ -73,43 +73,25 @@ RSpec.describe GitlabSchema.types['DastScannerProfile'] do
      let_it_be(:policies_project) { create(:project, :repository) }
      let_it_be(:security_orchestration_policy_configuration) { create(:security_orchestration_policy_configuration, project: project, security_policy_management_project: policies_project) }
-      let_it_be(:policy_yml) do
+      let(:policy1) do
-        <<-EOS
+        build(:scan_execution_policy, rules: [{ type: 'pipeline', branches: %w[master] }], actions: [
-        scan_execution_policy:
+          { scan: 'dast', site_profile: 'Site Profile', scanner_profile: dast_scanner_profile.name },
-        - name: Run DAST in every pipeline
+          { scan: 'dast', site_profile: 'Site Profile 2', scanner_profile: 'Scanner Profile 2' }
-          description: This policy enforces to run DAST for every pipeline within the project
+        ])
-          enabled: true
-          rules:
-          - type: pipeline
-            branches:
-            - "master"
-          actions:
-          - scan: dast
-            site_profile: Site Profile
-            scanner_profile: #{dast_scanner_profile.name}
-          - scan: dast
-            site_profile: Site Profile 2
-            scanner_profile: Scanner Profile 2
-        - name: Run DAST in every pipeline 2
-          description: This policy enforces to run DAST for every pipeline within the project
-          enabled: true
-          rules:
-          - type: pipeline
-            branches:
-            - "master"
-          actions:
-          - scan: dast
-            site_profile: Site Profile 3
-            scanner_profile: Scanner Profile 3
-          - scan: dast
-            site_profile: Site Profile 4
-            scanner_profile: Scanner Profile 4
-        EOS
      end
+      let(:policy2) do
+        build(:scan_execution_policy, name: 'Run DAST in every pipeline 2', rules: [{ type: 'pipeline', branches: %w[master] }], actions: [
+          { scan: 'dast', site_profile: 'Site Profile 3', scanner_profile: 'Scanner Profile 3' },
+          { scan: 'dast', site_profile: 'Site Profile 4', scanner_profile: 'Scanner Profile 4' }
+        ])
+      end
+      let(:policy_yaml) { build(:scan_execution_policy_yaml, policies: [policy1, policy2]) }
      before do
        create_list(:dast_scanner_profile, 30, project: project)
-        create_file_in_repo(policies_project, 'master', 'master', Security::OrchestrationPolicyConfiguration::POLICY_PATH, policy_yml)
+        create_file_in_repo(policies_project, 'master', 'master', Security::OrchestrationPolicyConfiguration::POLICY_PATH, policy_yaml)
      end
      it 'only calls Gitaly twice when multiple profiles are present', :request_store do

--- a/ee/spec/graphql/types/dast_site_profile_type_spec.rb
+++ b/ee/spec/graphql/types/dast_site_profile_type_spec.rb
@@ -138,43 +138,25 @@ RSpec.describe GitlabSchema.types['DastSiteProfile'] do
      let_it_be(:policies_project) { create(:project, :repository) }
      let_it_be(:security_orchestration_policy_configuration) { create(:security_orchestration_policy_configuration, project: project, security_policy_management_project: policies_project) }
-      let_it_be(:policy_yml) do
+      let(:policy1) do
-        <<-EOS
+        build(:scan_execution_policy, rules: [{ type: 'pipeline', branches: %w[master] }], actions: [
-        scan_execution_policy:
+          { scan: 'dast', site_profile: 'Site Profile', scanner_profile: 'Scanner Profile' },
-        - name: Run DAST in every pipeline
+          { scan: 'dast', site_profile: 'Site Profile 2', scanner_profile: 'Scanner Profile 2' }
-          description: This policy enforces to run DAST for every pipeline within the project
+        ])
-          enabled: true
-          rules:
-          - type: pipeline
-            branches:
-            - "master"
-          actions:
-          - scan: dast
-            site_profile: Site Profile
-            scanner_profile: Scanner Profile
-          - scan: dast
-            site_profile: Site Profile 2
-            scanner_profile: Scanner Profile 2
-        - name: Run DAST in every pipeline 2
-          description: This policy enforces to run DAST for every pipeline within the project
-          enabled: true
-          rules:
-          - type: pipeline
-            branches:
-            - "master"
-          actions:
-          - scan: dast
-            site_profile: Site Profile 3
-            scanner_profile: Scanner Profile 3
-          - scan: dast
-            site_profile: Site Profile 4
-            scanner_profile: Scanner Profile 4
-        EOS
      end
+      let(:policy2) do
+        build(:scan_execution_policy, name: 'Run DAST in every pipeline 2', rules: [{ type: 'pipeline', branches: %w[master] }], actions: [
+          { scan: 'dast', site_profile: 'Site Profile 3', scanner_profile: 'Scanner Profile 3' },
+          { scan: 'dast', site_profile: 'Site Profile 4', scanner_profile: 'Scanner Profile 4' }
+        ])
+      end
+      let(:policy_yaml) { build(:scan_execution_policy_yaml, policies: [policy1, policy2]) }
      before do
        create_list(:dast_site_profile, 30, project: project)
-        create_file_in_repo(policies_project, 'master', 'master', Security::OrchestrationPolicyConfiguration::POLICY_PATH, policy_yml)
+        create_file_in_repo(policies_project, 'master', 'master', Security::OrchestrationPolicyConfiguration::POLICY_PATH, policy_yaml)
      end
      it 'only calls Gitaly twice when multiple profiles are present', :request_store do

--- a/ee/spec/lib/ee/gitlab/ci/config_spec.rb
+++ b/ee/spec/lib/ee/gitlab/ci/config_spec.rb
@@ -45,30 +45,14 @@ RSpec.describe Gitlab::Ci::Config do
    let_it_be(:policies_repository) { create(:project, :repository) }
    let_it_be(:security_orchestration_policy_configuration) { create(:security_orchestration_policy_configuration, project: project, security_policy_management_project: policies_repository) }
+    let_it_be(:policy_yaml) { build(:scan_execution_policy_yaml, policies: [build(:scan_execution_policy)]) }
-    let_it_be(:policy_yml) do
-      <<-EOS
-      scan_execution_policy:
-       -  name: Run DAST in every pipeline
-          description: This policy enforces to run DAST for every pipeline within the project
-          enabled: true
-          rules:
-          - type: pipeline
-            branches:
-            - "production"
-          actions:
-          - scan: dast
-            site_profile: Site Profile
-            scanner_profile: Scanner Profile
-      EOS
-    end
    subject(:config) { described_class.new(ci_yml, source_ref_path: ref, project: project, source: source) }
    before do
      allow_next_instance_of(Repository) do |repository|
        # allow(repository).to receive(:ls_files).and_return(['.gitlab/security-policies/enforce-dast.yml'])
-        allow(repository).to receive(:blob_data_at).and_return(policy_yml)
+        allow(repository).to receive(:blob_data_at).and_return(policy_yaml)
      end
    end

--- a/ee/spec/lib/gitlab/ci/config/security_orchestration_policies/processor_spec.rb
+++ b/ee/spec/lib/gitlab/ci/config/security_orchestration_policies/processor_spec.rb
@@ -16,28 +16,18 @@ RSpec.describe Gitlab::Ci::Config::SecurityOrchestrationPolicies::Processor do
  let_it_be(:policies_repository) { create(:project, :repository) }
  let_it_be(:security_orchestration_policy_configuration) { create(:security_orchestration_policy_configuration, project: project, security_policy_management_project: policies_repository) }
+  let_it_be(:policy) do
-  let_it_be(:policy_yml) do
+    build(:scan_execution_policy, actions: [
-    <<-EOS
+    { scan: 'dast', site_profile: 'Site Profile', scanner_profile: 'Scanner Profile' },
-    scan_execution_policy:
+    { scan: 'secret_detection' }
-      -  name: Run DAST in every pipeline
+  ])
-         description: This policy enforces to run DAST for every pipeline within the project
-         enabled: true
-         rules:
-         - type: pipeline
-           branches:
-           - "production"
-         actions:
-         - scan: dast
-           site_profile: Site Profile
-           scanner_profile: Scanner Profile
-         - scan: secret_detection
-    EOS
  end
+  let_it_be(:policy_yaml) { build(:scan_execution_policy_yaml, policies: [policy]) }
  before do
    allow_next_instance_of(Repository) do |repository|
-      allow(repository).to receive(:blob_data_at).and_return(policy_yml)
+      allow(repository).to receive(:blob_data_at).and_return(policy_yaml)
    end
  end
@@ -56,20 +46,9 @@ RSpec.describe Gitlab::Ci::Config::SecurityOrchestrationPolicies::Processor do
  end
  shared_examples 'when policy is invalid' do
-    let_it_be(:policy_yml) do
+    let_it_be(:policy_yaml) do
-      <<-EOS
+      build(:scan_execution_policy_yaml, policies:
-      scan_execution_policy:
+      [build(:scan_execution_policy, rules: [{ type: 'pipeline', branches: 'production' }])])
-        -  name: Run DAST in every pipeline
-           description: This policy enforces to run DAST for every pipeline within the project
-           enabled: true
-           rules:
-           - type: pipeline
-             branches: "production"
-           actions:
-           - scan: dast
-             site_profile: Site Profile
-             scanner_profile: Scanner Profile
-      EOS
    end
    it 'does not modify the config', :aggregate_failures do

--- a/ee/spec/models/security/orchestration_policy_configuration_spec.rb
+++ b/ee/spec/models/security/orchestration_policy_configuration_spec.rb
--- a/ee/spec/requests/api/graphql/mutations/security_policy/commit_scan_execution_policy_spec.rb
+++ b/ee/spec/requests/api/graphql/mutations/security_policy/commit_scan_execution_policy_spec.rb
@@ -7,22 +7,7 @@ RSpec.describe 'Create scan execution policy for a project' do
  let_it_be(:current_user) { create(:user) }
  let_it_be(:project) { create(:project, :repository, namespace: current_user.namespace) }
-  let_it_be(:policy_yaml) do
+  let_it_be(:policy_yaml) { build(:scan_execution_policy).merge(type: 'scan_execution_policy').to_yaml }
-    <<-EOS
-        name: Run DAST in every pipeline
-        type: scan_execution_policy
-        description: This policy enforces to run DAST for every pipeline within the project
-        enabled: true
-        rules:
-        - type: pipeline
-          branches:
-          - "production"
-        actions:
-        - scan: dast
-          site_profile: Site Profile
-          scanner_profile: Scanner Profile
-    EOS
-  end
  def mutation
    variables = { project_path: project.full_path, policy_yaml: policy_yaml, operation_mode: 'APPEND' }

--- a/ee/spec/requests/projects/security/policies_controller_spec.rb
+++ b/ee/spec/requests/projects/security/policies_controller_spec.rb
@@ -8,18 +8,7 @@ RSpec.describe Projects::Security::PoliciesController, type: :request do
  let_it_be(:project) { create(:project, :repository, namespace: owner.namespace) }
  let_it_be(:policy_management_project) { create(:project, :repository, namespace: owner.namespace) }
  let_it_be(:policy_configuration) { create(:security_orchestration_policy_configuration, security_policy_management_project: policy_management_project, project: project) }
-  let_it_be(:policy) do
+  let_it_be(:policy) { build(:scan_execution_policy) }
-    {
-      name: 'Run DAST in every pipeline',
-      description: 'This policy enforces to run DAST for every pipeline within the project',
-      enabled: true,
-      rules: [{ type: 'pipeline', branches: %w[production] }],
-      actions: [
-        { scan: 'dast', site_profile: 'Site Profile', scanner_profile: 'Scanner Profile' }
-      ]
-    }
-  end
  let_it_be(:type) { 'scan_execution_policy' }
  let_it_be(:index) { project_security_policies_url(project) }
  let_it_be(:edit) { edit_project_security_policy_url(project, id: policy[:name], type: type) }