Commit 36d97bf1 authored by Philip Cunningham's avatar Philip Cunningham

Move DAST variables services to AppSec namespace

- Renames both services for secret variables
- Updates specs and cleans up usages
parent 8ac59c7d
# frozen_string_literal: true
module AppSec
module Dast
module SiteProfileSecretVariables
class CreateOrUpdateService < BaseContainerService
def execute
return error_response('Insufficient permissions') unless allowed?
return error_response('Dast site profile param is missing') unless site_profile
return error_response('Key param is missing') unless key
return error_response('Raw value param is missing') unless raw_value
secret_variable = find_or_create_secret_variable
return error_response(secret_variable.errors.full_messages) unless secret_variable.valid? && secret_variable.persisted?
success_response(secret_variable)
end
private
def allowed?
Ability.allowed?(current_user, :create_on_demand_dast_scan, container)
end
def site_profile
params[:dast_site_profile]
end
def key
params[:key]
end
def raw_value
params[:raw_value]
end
def success_response(secret_variable)
ServiceResponse.success(payload: secret_variable)
end
def error_response(message)
ServiceResponse.error(message: message)
end
# rubocop: disable CodeReuse/ActiveRecord
def find_or_create_secret_variable
secret_variable = ::Dast::SiteProfileSecretVariable.find_or_initialize_by(dast_site_profile: site_profile, key: key)
secret_variable.update(raw_value: raw_value)
secret_variable
end
# rubocop: enable CodeReuse/ActiveRecord
end
end
end
end
# frozen_string_literal: true
module AppSec
module Dast
module SiteProfileSecretVariables
class DestroyService < BaseContainerService
def execute
return ServiceResponse.error(message: 'Insufficient permissions') unless allowed?
return ServiceResponse.error(message: 'Variable parameter missing') unless dast_site_profile_secret_variable
return ServiceResponse.error(message: 'Variable failed to delete') unless dast_site_profile_secret_variable.destroy
ServiceResponse.success(payload: dast_site_profile_secret_variable)
end
private
def allowed?
Ability.allowed?(current_user, :create_on_demand_dast_scan, container)
end
def dast_site_profile_secret_variable
params[:dast_site_profile_secret_variable]
end
end
end
end
end
......@@ -51,7 +51,7 @@ module AppSec
def create_secret_variable!(key, value)
return ServiceResponse.success unless value
response = ::Dast::SiteProfileSecretVariables::CreateOrUpdateService.new(
response = ::AppSec::Dast::SiteProfileSecretVariables::CreateOrUpdateService.new(
container: project,
current_user: current_user,
params: { dast_site_profile: dast_site_profile, key: key, raw_value: value }
......
......@@ -73,7 +73,7 @@ module AppSec
return delete_secret_variable!(key) if value == ''
response = ::Dast::SiteProfileSecretVariables::CreateOrUpdateService.new(
response = ::AppSec::Dast::SiteProfileSecretVariables::CreateOrUpdateService.new(
container: project,
current_user: current_user,
params: { dast_site_profile: dast_site_profile, key: key, raw_value: value }
......@@ -90,7 +90,7 @@ module AppSec
return ServiceResponse.success unless variable
response = ::Dast::SiteProfileSecretVariables::DestroyService.new(
response = ::AppSec::Dast::SiteProfileSecretVariables::DestroyService.new(
container: project,
current_user: current_user,
params: { dast_site_profile_secret_variable: variable }
......
# frozen_string_literal: true
module Dast
module SiteProfileSecretVariables
class CreateOrUpdateService < BaseContainerService
def execute
return error_response('Insufficient permissions') unless allowed?
return error_response('Dast site profile param is missing') unless site_profile
return error_response('Key param is missing') unless key
return error_response('Raw value param is missing') unless raw_value
secret_variable = find_or_create_secret_variable
return error_response(secret_variable.errors.full_messages) unless secret_variable.valid? && secret_variable.persisted?
success_response(secret_variable)
end
private
def allowed?
Ability.allowed?(current_user, :create_on_demand_dast_scan, container)
end
def site_profile
params[:dast_site_profile]
end
def key
params[:key]
end
def raw_value
params[:raw_value]
end
def success_response(secret_variable)
ServiceResponse.success(payload: secret_variable)
end
def error_response(message)
ServiceResponse.error(message: message)
end
# rubocop: disable CodeReuse/ActiveRecord
def find_or_create_secret_variable
secret_variable = Dast::SiteProfileSecretVariable.find_or_initialize_by(dast_site_profile: site_profile, key: key)
secret_variable.update(raw_value: raw_value)
secret_variable
end
# rubocop: enable CodeReuse/ActiveRecord
end
end
end
# frozen_string_literal: true
module Dast
module SiteProfileSecretVariables
class DestroyService < BaseContainerService
def execute
return ServiceResponse.error(message: 'Insufficient permissions') unless allowed?
return ServiceResponse.error(message: 'Variable parameter missing') unless dast_site_profile_secret_variable
return ServiceResponse.error(message: 'Variable failed to delete') unless dast_site_profile_secret_variable.destroy
ServiceResponse.success(payload: dast_site_profile_secret_variable)
end
private
def allowed?
Ability.allowed?(current_user, :create_on_demand_dast_scan, container)
end
def dast_site_profile_secret_variable
params[:dast_site_profile_secret_variable]
end
end
end
end
......@@ -129,10 +129,10 @@ RSpec.describe Mutations::DastSiteProfiles::Create do
context 'when variable creation fails' do
it 'returns an error and the dast_site_profile' do
service = double(Dast::SiteProfileSecretVariables::CreateOrUpdateService)
service = double(AppSec::Dast::SiteProfileSecretVariables::CreateOrUpdateService)
result = ServiceResponse.error(payload: create(:dast_site_profile), message: 'Oops')
allow(Dast::SiteProfileSecretVariables::CreateOrUpdateService).to receive(:new).and_return(service)
allow(AppSec::Dast::SiteProfileSecretVariables::CreateOrUpdateService).to receive(:new).and_return(service)
allow(service).to receive(:execute).and_return(result)
expect(subject).to include(errors: ['Oops'])
......
......@@ -146,10 +146,10 @@ RSpec.describe Mutations::DastSiteProfiles::Update do
context 'when variable creation fails' do
it 'returns an error and the dast_site_profile' do
service = double(Dast::SiteProfileSecretVariables::CreateOrUpdateService)
service = double(AppSec::Dast::SiteProfileSecretVariables::CreateOrUpdateService)
result = ServiceResponse.error(payload: create(:dast_site_profile), message: 'Oops')
allow(Dast::SiteProfileSecretVariables::CreateOrUpdateService).to receive(:new).and_return(service)
allow(AppSec::Dast::SiteProfileSecretVariables::CreateOrUpdateService).to receive(:new).and_return(service)
allow(service).to receive(:execute).and_return(result)
expect(subject).to include(errors: ['Oops'])
......
......@@ -2,7 +2,7 @@
require 'spec_helper'
RSpec.describe Dast::SiteProfileSecretVariables::CreateOrUpdateService do
RSpec.describe AppSec::Dast::SiteProfileSecretVariables::CreateOrUpdateService do
let_it_be(:project) { create(:project) }
let_it_be(:dast_profile) { create(:dast_profile, project: project) }
let_it_be(:developer) { create(:user, developer_projects: [project] ) }
......
......@@ -2,7 +2,7 @@
require 'spec_helper'
RSpec.describe Dast::SiteProfileSecretVariables::DestroyService do
RSpec.describe AppSec::Dast::SiteProfileSecretVariables::DestroyService do
include GraphqlHelpers
let_it_be(:user) { create(:user) }
......
......@@ -150,7 +150,7 @@ RSpec.describe AppSec::Dast::SiteProfiles::CreateService do
shared_examples 'it handles secret variable creation failure' do
before do
allow_next_instance_of(Dast::SiteProfileSecretVariables::CreateOrUpdateService) do |service|
allow_next_instance_of(AppSec::Dast::SiteProfileSecretVariables::CreateOrUpdateService) do |service|
response = ServiceResponse.error(message: 'Something went wrong')
allow(service).to receive(:execute).and_return(response)
......
......@@ -184,7 +184,7 @@ RSpec.describe AppSec::Dast::SiteProfiles::UpdateService do
shared_examples 'it handles secret variable updating failure' do
before do
allow_next_instance_of(Dast::SiteProfileSecretVariables::CreateOrUpdateService) do |service|
allow_next_instance_of(AppSec::Dast::SiteProfileSecretVariables::CreateOrUpdateService) do |service|
response = ServiceResponse.error(message: 'Something went wrong')
allow(service).to receive(:execute).and_return(response)
......
Markdown is supported
0%
or
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment