Commit 0b0b46a9 authored by Zamir Martins's avatar Zamir Martins Committed by David Kim

Reset severity_levels default

parent 6351643b
# frozen_string_literal: true
class ResetSeverityLevelsToNewDefault < ActiveRecord::Migration[6.1]
ALL_SEVERITY_LEVELS = 6 # ::Enums::Vulnerability::SEVERITY_LEVELS.count
def up
execute(<<~SQL.squish)
UPDATE approval_project_rules
SET severity_levels = '{unknown, high, critical}'
WHERE array_length(severity_levels, 1) = #{ALL_SEVERITY_LEVELS};
SQL
end
def down
# no-op
end
end
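Review bot: The `WHERE array_length(severity_levels, 1) = #{ALL_SEVERITY_LEVELS}` filter in `up` cannot tell a rule that inherited the old all-levels default from one where someone deliberately selected every level. Both are narrowed to `unknown, high, critical`, so they presumably stop gating on the remaining severities without the rule owner being told. Because `down` is a no-op and the previous value is not stored anywhere visible here, a rollback cannot restore the wider selection. I would record both facts in the file, e.g. above `def up`: `# Also resets rules where all six levels were chosen explicitly; they are indistinguishable from the old default.` and inside `down`: `# no-op: previous severity_levels are not recorded and cannot be restored`.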
d57791945f0d21da90a5b1d75db9add6c7e916ad3c13df2522c7d71d572baa47
\ No newline at end of file
...@@ -6,6 +6,7 @@ class ApprovalProjectRule < ApplicationRecord ...@@ -6,6 +6,7 @@ class ApprovalProjectRule < ApplicationRecord
UNSUPPORTED_SCANNER = 'cluster_image_scanning' UNSUPPORTED_SCANNER = 'cluster_image_scanning'
SUPPORTED_SCANNERS = (::Ci::JobArtifact::SECURITY_REPORT_FILE_TYPES - [UNSUPPORTED_SCANNER]).freeze SUPPORTED_SCANNERS = (::Ci::JobArtifact::SECURITY_REPORT_FILE_TYPES - [UNSUPPORTED_SCANNER]).freeze
DEFAULT_SEVERITIES = %w[unknown high critical].freeze
belongs_to :project belongs_to :project
has_and_belongs_to_many :protected_branches has_and_belongs_to_many :protected_branches
...@@ -32,7 +33,7 @@ class ApprovalProjectRule < ApplicationRecord ...@@ -32,7 +33,7 @@ class ApprovalProjectRule < ApplicationRecord
default_value_for :vulnerabilities_allowed, allows_nil: false, value: 0 default_value_for :vulnerabilities_allowed, allows_nil: false, value: 0
validates :severity_levels, inclusion: { in: ::Enums::Vulnerability.severity_levels.keys } validates :severity_levels, inclusion: { in: ::Enums::Vulnerability.severity_levels.keys }
default_value_for :severity_levels, allows_nil: false, value: ::Enums::Vulnerability.severity_levels.keys default_value_for :severity_levels, allows_nil: false, value: DEFAULT_SEVERITIES
def applies_to_branch?(branch) def applies_to_branch?(branch)
return true if protected_branches.empty? return true if protected_branches.empty?
......
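Review bot: `DEFAULT_SEVERITIES` is added without a comment explaining why the default is limited to these three levels, even though it changes what a newly created rule covers when `severity_levels` is not supplied. A one-line comment above the constant would make this security-relevant default explicit, e.g. `# Severity levels applied when a rule is created without severity_levels; the remaining levels must be opted into.` The class body starts and ends outside both hunks, so this is based only on the lines shown.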
...@@ -9,6 +9,12 @@ RSpec.describe ApprovalProjectRule do ...@@ -9,6 +9,12 @@ RSpec.describe ApprovalProjectRule do
it 'is invalid when name not unique within rule type and project' do it 'is invalid when name not unique within rule type and project' do
is_expected.to validate_uniqueness_of(:name).scoped_to([:project_id, :rule_type]) is_expected.to validate_uniqueness_of(:name).scoped_to([:project_id, :rule_type])
end end
context 'DEFAULT_SEVERITIES' do
it 'contains a valid subset of severity levels' do
expect(::Enums::Vulnerability.severity_levels.keys).to include(*described_class::DEFAULT_SEVERITIES)
end
end
end end
describe 'associations' do describe 'associations' do
......
...@@ -151,7 +151,7 @@ RSpec.shared_examples 'an API endpoint for updating project approval rule' do ...@@ -151,7 +151,7 @@ RSpec.shared_examples 'an API endpoint for updating project approval rule' do
it 'returns 200 status' do it 'returns 200 status' do
expect do expect do
put api(url, current_user), params: { severity_levels: severity_levels } put api(url, current_user), params: { severity_levels: severity_levels }
end.to change { approval_rule.reload.severity_levels.count }.from(::Enums::Vulnerability.severity_levels.keys.count).to(severity_levels.count) end.to change { approval_rule.reload.severity_levels.count }.from(::ApprovalProjectRule::DEFAULT_SEVERITIES.count).to(severity_levels.count)
expect(response).to have_gitlab_http_status(:ok) expect(response).to have_gitlab_http_status(:ok)
end end
end end
......
# frozen_string_literal: true
require 'spec_helper'
require_migration!
RSpec.describe ResetSeverityLevelsToNewDefault do
let(:approval_project_rules) { table(:approval_project_rules) }
let(:projects) { table(:projects)}
let(:namespaces) { table(:namespaces)}
let(:namespace) { namespaces.create!(name: 'namespace', path: 'namespace')}
let(:project) { projects.create!(name: 'project', path: 'project', namespace_id: namespace.id)}
let(:approval_project_rule) { approval_project_rules.create!(name: 'rule', project_id: project.id, severity_levels: severity_levels) }
context 'without having all severity levels selected' do
let(:severity_levels) { ['high'] }
it 'does not change severity_levels' do
expect(approval_project_rule.severity_levels).to eq(severity_levels)
expect { migrate! }.not_to change { approval_project_rule.reload.severity_levels }
end
end
context 'with all scanners selected' do
let(:severity_levels) { ::Enums::Vulnerability::SEVERITY_LEVELS.keys }
let(:default_levels) { %w(unknown high critical) }
it 'changes severity_levels to the default value' do
expect(approval_project_rule.severity_levels).to eq(severity_levels)
expect { migrate! }.to change {approval_project_rule.reload.severity_levels}.from(severity_levels).to(default_levels)
end
end
end
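Review bot: The second context is labelled `'with all scanners selected'`, but the example sets severity levels, not scanners; `context 'with all severity levels selected' do` would match what is tested. The `severity_levels` let also reads the live `::Enums::Vulnerability::SEVERITY_LEVELS`, while the migration deliberately hard-codes the count as 6. If a level is added or removed later, this spec would start failing for a migration that has not changed. Pinning the six level names as a literal array in the spec would keep the test tied to the state the migration was written for.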