Commit 23cc83bd authored by Douglas Barbosa Alexandre's avatar Douglas Barbosa Alexandre

Merge branch '321258-redirect-threat-monitoring-actions' into 'master'

Redirect threat_monitoring policies endpoints

See merge request gitlab-org/gitlab!71517
parents c2d5387a d568be91
import initPolicyEditorApp from 'ee/threat_monitoring/policy_editor';
initPolicyEditorApp();
import initPolicyEditorApp from 'ee/threat_monitoring/policy_editor';
initPolicyEditorApp();
......@@ -6,10 +6,6 @@ module Projects
before_action :authorize_read_threat_monitoring!
before_action do
push_frontend_feature_flag(:security_orchestration_policies_configuration, @project, default_enabled: :yaml)
end
feature_category :not_owned
# rubocop: disable CodeReuse/ActiveRecord
......@@ -19,19 +15,17 @@ module Projects
# rubocop: enable CodeReuse/ActiveRecord
def edit
@environment = project.environments.find(params[:environment_id])
@policy_name = params[:id]
response = NetworkPolicies::FindResourceService.new(
resource_name: @policy_name,
environment: @environment,
kind: params[:kind].presence || Gitlab::Kubernetes::CiliumNetworkPolicy::KIND
).execute
if response.success?
@policy = response.payload
else
render_404
redirect_to edit_project_security_policy_path(
project,
environment_id: params[:environment_id],
id: params[:id],
type: :container_policy,
kind: params[:kind]
)
end
def new
redirect_to new_project_security_policy_path(project)
end
end
end
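Review bot: In `edit`, the redirect forwards `params[:environment_id]`, `params[:id]` and `params[:kind]` unchanged, so the checks the old body made now rest entirely on the target action behind `edit_project_security_policy_path`, which this page does not show. Those checks were the project-scoped `project.environments.find`, the `render_404` on a failed policy lookup, and the `CiliumNetworkPolicy::KIND` default. It is worth confirming that the target action scopes the environment to the project and handles a blank kind; if it does not, `kind: params[:kind].presence || Gitlab::Kubernetes::CiliumNetworkPolicy::KIND` keeps the earlier default. A one-line comment above each redirect, for example `# Lookup, 404 handling and policy authorization are done by the security policies controller`, would record that only `authorize_read_threat_monitoring!` still runs here. The page has lost its +/- markers, so the old and new sides are inferred from the commit title and the updated spec.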
# frozen_string_literal: true
module PolicyHelper
def policy_details(project, policy = nil, environment = nil)
return unless project
details = details(project)
return details unless policy && environment
edit_details = {
policy: policy.to_json,
environment_id: environment.id
}
details.merge(edit_details)
end
def threat_monitoring_alert_details_data(project, alert_iid)
{
'alert-id' => alert_iid,
'project-path' => project.full_path,
'project-id' => project.id,
'project-issues-path' => project_issues_path(project),
'page' => 'THREAT_MONITORING'
}
end
private
def details(project)
disable_scan_execution_update = !can_update_security_orchestration_policy_project?(project)
{
assigned_policy_project: assigned_policy_project(project).to_json,
default_environment_id: project.default_environment&.id || -1,
disable_scan_execution_update: disable_scan_execution_update.to_s,
network_policies_endpoint: project_security_network_policies_path(project),
configure_agent_help_path: help_page_url('user/clusters/agent/repository.html'),
create_agent_help_path: help_page_url('user/clusters/agent/index.md', anchor: 'create-an-agent-record-in-gitlab'),
environments_endpoint: project_environments_path(project),
network_documentation_path: help_page_path('user/application_security/policies/index'),
no_environment_svg_path: image_path('illustrations/monitoring/unable_to_connect.svg'),
project_path: project.full_path,
project_id: project.id,
threat_monitoring_path: project_threat_monitoring_path(project)
}
end
end
# frozen_string_literal: true
module Projects::ThreatMonitoringHelper
def threat_monitoring_alert_details_data(project, alert_iid)
{
'alert-id' => alert_iid,
'project-path' => project.full_path,
'project-id' => project.id,
'project-issues-path' => project_issues_path(project),
'page' => 'THREAT_MONITORING'
}
end
end
- add_to_breadcrumbs s_("ThreatMonitoring|Threat Monitoring"), project_threat_monitoring_path(@project)
- breadcrumb_title @policy_name
- page_title s_("NetworkPolicies|Policy editor")
- policy_details = policy_details(@project, @policy, @environment)
#js-policy-builder-app{ data: policy_details }
- add_to_breadcrumbs s_("ThreatMonitoring|Threat Monitoring"), project_threat_monitoring_path(@project)
- breadcrumb_title s_("NetworkPolicies|New policy")
- page_title s_("NetworkPolicies|Policy editor")
- policy_details = policy_details(@project)
#js-policy-builder-app{ data: policy_details }
......@@ -75,33 +75,15 @@ RSpec.describe Projects::ThreatMonitoringController do
context 'with authorized user' do
before do
stub_licensed_features(threat_monitoring: true)
project.add_developer(user)
sign_in(user)
end
context 'when feature is available' do
before do
stub_licensed_features(threat_monitoring: true)
end
it 'renders the new template' do
it 'redirects to policies#new page' do
subject
expect(response).to have_gitlab_http_status(:ok)
expect(response).to render_template(:new)
end
end
context 'when feature is not available' do
before do
stub_licensed_features(threat_monitoring: false)
end
it 'returns 404' do
subject
expect(response).to have_gitlab_http_status(:not_found)
end
expect(response).to redirect_to(new_project_security_policy_path(project))
end
end
......@@ -110,18 +92,12 @@ RSpec.describe Projects::ThreatMonitoringController do
sign_in(user)
end
context 'when feature is available' do
before do
stub_licensed_features(threat_monitoring: true)
end
it 'returns 404' do
subject
expect(response).to have_gitlab_http_status(:not_found)
end
end
end
context 'with anonymous user' do
it 'returns 302' do
......@@ -144,12 +120,6 @@ RSpec.describe Projects::ThreatMonitoringController do
let(:kind) { 'CiliumNetworkPolicy' }
context 'with authorized user' do
before do
project.add_developer(user)
sign_in(user)
end
context 'when feature is available' do
let(:service) { instance_double('NetworkPolicies::FindResourceService', execute: ServiceResponse.success(payload: policy)) }
let(:policy) do
Gitlab::Kubernetes::CiliumNetworkPolicy.new(
......@@ -168,73 +138,24 @@ RSpec.describe Projects::ThreatMonitoringController do
.with(resource_name: 'policy', environment: environment, kind: Gitlab::Kubernetes::CiliumNetworkPolicy::KIND)
.and_return(service)
)
project.add_developer(user)
sign_in(user)
end
it 'renders the new template' do
it 'redirects to policies#edit page' do
subject
expect(response).to have_gitlab_http_status(:ok)
expect(response).to render_template(:edit)
end
context 'when different policy kind is requested' do
let(:policy) do
Gitlab::Kubernetes::NetworkPolicy.new(
name: 'not-cilium-policy',
namespace: 'another',
selector: { matchLabels: { role: 'db' } },
ingress: [{ from: [{ namespaceSelector: { matchLabels: { project: 'myproject' } } }] }]
expect(response).to redirect_to(
edit_project_security_policy_path(
project,
environment_id: environment_id,
id: 'policy',
type: :container_policy,
kind: kind
)
end
before do
allow(NetworkPolicies::FindResourceService).to(
receive(:new)
.with(resource_name: 'policy', environment: environment, kind: Gitlab::Kubernetes::NetworkPolicy::KIND)
.and_return(service)
)
end
it 'renders the new template' do
subject
expect(response).to have_gitlab_http_status(:ok)
expect(response).to render_template(:edit)
end
end
context 'when environment is missing' do
let(:environment_id) { 'missing' }
it 'returns 404' do
subject
expect(response).to have_gitlab_http_status(:not_found)
end
end
context 'when service failed' do
let(:service) { instance_double('NetworkPolicies::FindResourceService', execute: ServiceResponse.error(message: 'error')) }
it 'returns 404' do
subject
expect(response).to have_gitlab_http_status(:not_found)
end
end
end
context 'when feature is not available' do
before do
stub_licensed_features(threat_monitoring: false)
end
it 'returns 404' do
subject
expect(response).to have_gitlab_http_status(:not_found)
end
end
end
context 'with unauthorized user' do
......@@ -242,18 +163,12 @@ RSpec.describe Projects::ThreatMonitoringController do
sign_in(user)
end
context 'when feature is available' do
before do
stub_licensed_features(threat_monitoring: true)
end
it 'returns 404' do
subject
expect(response).to have_gitlab_http_status(:not_found)
end
end
end
context 'with anonymous user' do
it 'returns 302' do
......
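Review bot: The 'when feature is not available' contexts for both `new` and `edit` appear to be removed without a replacement, so nothing here pins that a signed-in developer on an unlicensed project still gets a 404 rather than the new redirect. The controller now redirects unconditionally once its `before_action` passes, so one example per action would keep that gate covered: `stub_licensed_features(threat_monitoring: false)` followed by `expect(response).to have_gitlab_http_status(:not_found)`. Separately, the `NetworkPolicies::FindResourceService` stub and the `let(:service)` / `let(:policy)` definitions in the `edit` block look to be kept as context, although the controller no longer seems to call that service. They could be dropped so the setup matches what is exercised. The page has lost its +/- markers, so which lines remain is inferred from the hunk counts and the example names.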
# frozen_string_literal: true
require 'spec_helper'
RSpec.describe PolicyHelper do
let(:project) { create(:project, :repository, :public) }
let(:environment) { create(:environment, project: project) }
let(:policy) do
Gitlab::Kubernetes::CiliumNetworkPolicy.new(
name: 'policy',
namespace: 'another',
selector: { matchLabels: { role: 'db' } },
ingress: [{ from: [{ namespaceSelector: { matchLabels: { project: 'myproject' } } }] }]
)
end
let(:base_data) do
{
assigned_policy_project: "null",
default_environment_id: -1,
disable_scan_execution_update: "false",
network_policies_endpoint: kind_of(String),
configure_agent_help_path: kind_of(String),
create_agent_help_path: kind_of(String),
environments_endpoint: kind_of(String),
network_documentation_path: kind_of(String),
no_environment_svg_path: kind_of(String),
project_path: project.full_path,
project_id: project.id,
threat_monitoring_path: kind_of(String)
}
end
describe '#policy_details' do
let(:owner) { project.owner }
before do
allow(helper).to receive(:current_user) { owner }
allow(helper).to receive(:can?).with(owner, :update_security_orchestration_policy_project, project) { true }
end
context 'when a new policy is being created' do
subject { helper.policy_details(project) }
it 'returns expected policy data' do
expect(subject).to match(base_data)
end
end
context 'when an existing policy is being edited' do
subject { helper.policy_details(project, policy, environment) }
it 'returns expected policy data' do
expect(subject).to match(
base_data.merge(
default_environment_id: project.default_environment.id,
policy: policy.to_json,
environment_id: environment.id
)
)
end
end
context 'when no environment is passed in' do
subject { helper.policy_details(project, policy) }
it 'returns expected policy data' do
expect(subject).to match(base_data)
end
end
end
describe '#policy_alert_details' do
let(:alert) { build(:alert_management_alert, project: project) }
context 'when a new alert is created' do
subject { helper.threat_monitoring_alert_details_data(project, alert.iid) }
it 'returns expected policy data' do
expect(subject).to match({
'alert-id' => alert.iid,
'project-path' => project.full_path,
'project-id' => project.id,
'project-issues-path' => project_issues_path(project),
'page' => 'THREAT_MONITORING'
})
end
end
end
end
# frozen_string_literal: true
require 'spec_helper'
RSpec.describe Projects::ThreatMonitoringHelper do
let(:project) { create(:project, :repository, :public) }
describe '#threat_monitoring_alert_details_data' do
let(:alert) { build(:alert_management_alert, project: project) }
context 'when a new alert is created' do
subject { helper.threat_monitoring_alert_details_data(project, alert.iid) }
it 'returns expected alert data' do
expect(subject).to match({
'alert-id' => alert.iid,
'project-path' => project.full_path,
'project-id' => project.id,
'project-issues-path' => project_issues_path(project),
'page' => 'THREAT_MONITORING'
})
end
end
end
end
......@@ -22544,9 +22544,6 @@ msgstr ""
msgid "NetworkPolicies|Network traffic"
msgstr ""
msgid "NetworkPolicies|New policy"
msgstr ""
msgid "NetworkPolicies|None selected"
msgstr ""
......@@ -22559,9 +22556,6 @@ msgstr ""
msgid "NetworkPolicies|Policy definition"
msgstr ""
msgid "NetworkPolicies|Policy editor"
msgstr ""
msgid "NetworkPolicies|Rule"
msgstr ""
......