Commit 28c1d50c authored by Tetiana Chupryna's avatar Tetiana Chupryna Committed by Oswaldo Ferreira

Add Security setting model

This model is used to store settings related to the
Security and Compliance page. It currently contains the auto-fix settings,
but other settings are expected to be stored there too.
parent 9f018f2b
---
title: Add model for project level security auto-fix settings
merge_request: 32577
author:
type: added
# frozen_string_literal: true
class CreateProjectSecuritySettings < ActiveRecord::Migration[6.0]
include Gitlab::Database::MigrationHelpers
DOWNTIME = false
def up
with_lock_retries do
create_table :project_security_settings, id: false do |t|
t.references :project, primary_key: true, index: false, foreign_key: { on_delete: :cascade }
t.timestamps_with_timezone
t.boolean :auto_fix_container_scanning, default: true, null: false
t.boolean :auto_fix_dast, default: true, null: false
t.boolean :auto_fix_dependency_scanning, default: true, null: false
t.boolean :auto_fix_sast, default: true, null: false
end
end
end
def down
with_lock_retries do
drop_table :project_security_settings
end
end
end
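Review bot: `t.references :project, primary_key: true` leaves `project_id` with a sequence-backed default; the schema dump further down this page shows `project_security_settings_project_id_seq` and `SET DEFAULT nextval(...)` on the column. An insert that omits `project_id` would therefore receive an arbitrary sequence value instead of failing the NOT NULL check, and could end up attached to an unrelated project if that id exists. Since the column is both the primary key and the foreign key to `projects`, I would drop the default: `t.references :project, primary_key: true, default: nil, index: false, foreign_key: { on_delete: :cascade }`. Separately, all four `auto_fix_*` columns are `default: true`, so every new row is opt-out; if auto-fix makes automated changes to a project (not visible from this commit), consider `default: false` or a comment recording why enabled-by-default is intended.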
...@@ -5313,6 +5313,25 @@ CREATE SEQUENCE public.project_repository_storage_moves_id_seq ...@@ -5313,6 +5313,25 @@ CREATE SEQUENCE public.project_repository_storage_moves_id_seq
ALTER SEQUENCE public.project_repository_storage_moves_id_seq OWNED BY public.project_repository_storage_moves.id; ALTER SEQUENCE public.project_repository_storage_moves_id_seq OWNED BY public.project_repository_storage_moves.id;
CREATE TABLE public.project_security_settings (
project_id bigint NOT NULL,
created_at timestamp with time zone NOT NULL,
updated_at timestamp with time zone NOT NULL,
auto_fix_container_scanning boolean DEFAULT true NOT NULL,
auto_fix_dast boolean DEFAULT true NOT NULL,
auto_fix_dependency_scanning boolean DEFAULT true NOT NULL,
auto_fix_sast boolean DEFAULT true NOT NULL
);
CREATE SEQUENCE public.project_security_settings_project_id_seq
START WITH 1
INCREMENT BY 1
NO MINVALUE
NO MAXVALUE
CACHE 1;
ALTER SEQUENCE public.project_security_settings_project_id_seq OWNED BY public.project_security_settings.project_id;
CREATE TABLE public.project_settings ( CREATE TABLE public.project_settings (
project_id integer NOT NULL, project_id integer NOT NULL,
created_at timestamp with time zone NOT NULL, created_at timestamp with time zone NOT NULL,
...@@ -7818,6 +7837,8 @@ ALTER TABLE ONLY public.project_repository_states ALTER COLUMN id SET DEFAULT ne ...@@ -7818,6 +7837,8 @@ ALTER TABLE ONLY public.project_repository_states ALTER COLUMN id SET DEFAULT ne
ALTER TABLE ONLY public.project_repository_storage_moves ALTER COLUMN id SET DEFAULT nextval('public.project_repository_storage_moves_id_seq'::regclass); ALTER TABLE ONLY public.project_repository_storage_moves ALTER COLUMN id SET DEFAULT nextval('public.project_repository_storage_moves_id_seq'::regclass);
ALTER TABLE ONLY public.project_security_settings ALTER COLUMN project_id SET DEFAULT nextval('public.project_security_settings_project_id_seq'::regclass);
ALTER TABLE ONLY public.project_statistics ALTER COLUMN id SET DEFAULT nextval('public.project_statistics_id_seq'::regclass); ALTER TABLE ONLY public.project_statistics ALTER COLUMN id SET DEFAULT nextval('public.project_statistics_id_seq'::regclass);
ALTER TABLE ONLY public.project_tracing_settings ALTER COLUMN id SET DEFAULT nextval('public.project_tracing_settings_id_seq'::regclass); ALTER TABLE ONLY public.project_tracing_settings ALTER COLUMN id SET DEFAULT nextval('public.project_tracing_settings_id_seq'::regclass);
...@@ -8744,6 +8765,9 @@ ALTER TABLE ONLY public.project_repository_states ...@@ -8744,6 +8765,9 @@ ALTER TABLE ONLY public.project_repository_states
ALTER TABLE ONLY public.project_repository_storage_moves ALTER TABLE ONLY public.project_repository_storage_moves
ADD CONSTRAINT project_repository_storage_moves_pkey PRIMARY KEY (id); ADD CONSTRAINT project_repository_storage_moves_pkey PRIMARY KEY (id);
ALTER TABLE ONLY public.project_security_settings
ADD CONSTRAINT project_security_settings_pkey PRIMARY KEY (project_id);
ALTER TABLE ONLY public.project_settings ALTER TABLE ONLY public.project_settings
ADD CONSTRAINT project_settings_pkey PRIMARY KEY (project_id); ADD CONSTRAINT project_settings_pkey PRIMARY KEY (project_id);
...@@ -12705,6 +12729,9 @@ ALTER TABLE ONLY public.ci_daily_report_results ...@@ -12705,6 +12729,9 @@ ALTER TABLE ONLY public.ci_daily_report_results
ALTER TABLE ONLY public.cluster_providers_aws ALTER TABLE ONLY public.cluster_providers_aws
ADD CONSTRAINT fk_rails_ed1fdfaeb2 FOREIGN KEY (created_by_user_id) REFERENCES public.users(id) ON DELETE SET NULL; ADD CONSTRAINT fk_rails_ed1fdfaeb2 FOREIGN KEY (created_by_user_id) REFERENCES public.users(id) ON DELETE SET NULL;
ALTER TABLE ONLY public.project_security_settings
ADD CONSTRAINT fk_rails_ed4abe1338 FOREIGN KEY (project_id) REFERENCES public.projects(id) ON DELETE CASCADE;
ALTER TABLE ONLY public.ci_daily_build_group_report_results ALTER TABLE ONLY public.ci_daily_build_group_report_results
ADD CONSTRAINT fk_rails_ee072d13b3 FOREIGN KEY (last_pipeline_id) REFERENCES public.ci_pipelines(id) ON DELETE CASCADE; ADD CONSTRAINT fk_rails_ee072d13b3 FOREIGN KEY (last_pipeline_id) REFERENCES public.ci_pipelines(id) ON DELETE CASCADE;
...@@ -13793,5 +13820,6 @@ COPY "schema_migrations" (version) FROM STDIN; ...@@ -13793,5 +13820,6 @@ COPY "schema_migrations" (version) FROM STDIN;
20200528123703 20200528123703
20200528125905 20200528125905
20200603073101 20200603073101
20200604143628
\. \.
...@@ -46,6 +46,7 @@ module EE ...@@ -46,6 +46,7 @@ module EE
has_one :feature_usage, class_name: 'ProjectFeatureUsage' has_one :feature_usage, class_name: 'ProjectFeatureUsage'
has_one :status_page_setting, inverse_of: :project, class_name: 'StatusPage::ProjectSetting' has_one :status_page_setting, inverse_of: :project, class_name: 'StatusPage::ProjectSetting'
has_one :compliance_framework_setting, class_name: 'ComplianceManagement::ComplianceFramework::ProjectSettings', inverse_of: :project has_one :compliance_framework_setting, class_name: 'ComplianceManagement::ComplianceFramework::ProjectSettings', inverse_of: :project
has_one :security_setting, class_name: 'ProjectSecuritySetting'
has_many :approvers, as: :target, dependent: :destroy # rubocop:disable Cop/ActiveRecordDependent has_many :approvers, as: :target, dependent: :destroy # rubocop:disable Cop/ActiveRecordDependent
has_many :approver_users, through: :approvers, source: :user has_many :approver_users, through: :approvers, source: :user
......
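Review bot: The new `has_one :security_setting` omits `inverse_of: :project`, although `ProjectSecuritySetting` declares `belongs_to :project, inverse_of: :security_setting` and the neighbouring `status_page_setting` and `compliance_framework_setting` associations both set it. For consistency I would write `has_one :security_setting, class_name: 'ProjectSecuritySetting', inverse_of: :project`, and the matching line in the Project spec could then assert `.inverse_of(:project)`. The enclosing module starts and ends outside this hunk.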
# frozen_string_literal: true
#
class ProjectSecuritySetting < ApplicationRecord
self.primary_key = :project_id
belongs_to :project, inverse_of: :security_setting
end
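Review bot: `ProjectSecuritySetting` has no class-level comment (the second line of the file is a bare `#`), so nothing states what the record holds or that it is keyed by `project_id` rather than its own id. I would replace the empty comment with something like `# Per-project settings for the Security and Compliance page (currently the auto_fix_* flags); one row per project, keyed by project_id.`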
...@@ -9,7 +9,8 @@ module EE ...@@ -9,7 +9,8 @@ module EE
EE_OVERRIDES = { EE_OVERRIDES = {
deploy_access_levels: 'ProtectedEnvironment::DeployAccessLevel', deploy_access_levels: 'ProtectedEnvironment::DeployAccessLevel',
unprotect_access_levels: 'ProtectedBranch::UnprotectAccessLevel' unprotect_access_levels: 'ProtectedBranch::UnprotectAccessLevel',
security_setting: 'ProjectSecuritySetting'
}.freeze }.freeze
class_methods do class_methods do
......
# frozen_string_literal: true
FactoryBot.define do
factory :project_security_setting do
project
end
end
# frozen_string_literal: true
require 'spec_helper'
describe ProjectSecuritySetting do
subject { create(:project_security_setting) }
describe 'associations' do
it { is_expected.to belong_to(:project) }
end
end
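Review bot: The spec only checks `belong_to(:project)`, so no test pins the column defaults introduced by the migration, where all four `auto_fix_*` flags default to `true`. An example per flag such as `it { expect(described_class.new.auto_fix_sast).to be(true) }` would make a later change of a security-relevant default show up in review. As a style point, the Project spec touched in this commit uses `RSpec.describe`, and `describe ProjectSecuritySetting do` could match it.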
...@@ -27,6 +27,7 @@ RSpec.describe Project do ...@@ -27,6 +27,7 @@ RSpec.describe Project do
it { is_expected.to have_one(:repository_state).class_name('ProjectRepositoryState').inverse_of(:project) } it { is_expected.to have_one(:repository_state).class_name('ProjectRepositoryState').inverse_of(:project) }
it { is_expected.to have_one(:status_page_setting).class_name('StatusPage::ProjectSetting') } it { is_expected.to have_one(:status_page_setting).class_name('StatusPage::ProjectSetting') }
it { is_expected.to have_one(:compliance_framework_setting).class_name('ComplianceManagement::ComplianceFramework::ProjectSettings') } it { is_expected.to have_one(:compliance_framework_setting).class_name('ComplianceManagement::ComplianceFramework::ProjectSettings') }
it { is_expected.to have_one(:security_setting).class_name('ProjectSecuritySetting') }
it { is_expected.to have_many(:path_locks) } it { is_expected.to have_many(:path_locks) }
it { is_expected.to have_many(:vulnerability_feedback) } it { is_expected.to have_many(:vulnerability_feedback) }
......
...@@ -397,3 +397,4 @@ ee: ...@@ -397,3 +397,4 @@ ee:
- protected_environments: - protected_environments:
- :deploy_access_levels - :deploy_access_levels
- :service_desk_setting - :service_desk_setting
- :security_setting
...@@ -481,6 +481,7 @@ project: ...@@ -481,6 +481,7 @@ project:
- upstream_project_subscriptions - upstream_project_subscriptions
- downstream_project_subscriptions - downstream_project_subscriptions
- service_desk_setting - service_desk_setting
- security_setting
- import_failures - import_failures
- container_expiration_policy - container_expiration_policy
- resource_groups - resource_groups
......
...@@ -51,6 +51,7 @@ describe 'Test coverage of the Project Import' do ...@@ -51,6 +51,7 @@ describe 'Test coverage of the Project Import' do
project.metrics_setting project.metrics_setting
project.boards.lists.label.priorities project.boards.lists.label.priorities
project.service_desk_setting project.service_desk_setting
project.security_setting
].freeze ].freeze
end end
......
...@@ -862,3 +862,11 @@ SystemNoteMetadata: ...@@ -862,3 +862,11 @@ SystemNoteMetadata:
- action - action
- created_at - created_at
- updated_at - updated_at
ProjectSecuritySetting:
- project_id
- auto_fix_container_scanning
- auto_fix_dast
- auto_fix_dependency_scanning
- auto_fix_sast
- created_at
- updated_at