Commit 75e596fe authored by Douglas Barbosa Alexandre's avatar Douglas Barbosa Alexandre

Merge branch 'djadmin-dast-site-ff-removal' into 'master'

Remove DAST site profile related feature flags [RUN ALL RSPEC] [RUN AS-IF-FOSS]

See merge request gitlab-org/gitlab!61460
parents 6c28fd6b 7a44cd4e
---
name: security_dast_site_profiles_additional_fields
introduced_by_url: https://gitlab.com/gitlab-org/gitlab/-/merge_requests/46848
rollout_issue_url: https://gitlab.com/gitlab-org/gitlab/-/issues/292897
milestone: '13.7'
type: development
group: group::dynamic analysis
default_enabled: true
---
name: security_dast_site_profiles_api_option
introduced_by_url: https://gitlab.com/gitlab-org/gitlab/-/merge_requests/58723
rollout_issue_url: https://gitlab.com/gitlab-org/gitlab/-/issues/325130
milestone: '13.12'
type: development
group: group::dynamic analysis
default_enabled: true
......@@ -1533,13 +1533,13 @@ Input type: `DastSiteProfileCreateInput`
| Name | Type | Description |
| ---- | ---- | ----------- |
| <a id="mutationdastsiteprofilecreateauth"></a>`auth` | [`DastSiteProfileAuthInput`](#dastsiteprofileauthinput) | Parameters for authentication. Will be ignored if `security_dast_site_profiles_additional_fields` feature flag is disabled. |
| <a id="mutationdastsiteprofilecreateauth"></a>`auth` | [`DastSiteProfileAuthInput`](#dastsiteprofileauthinput) | Parameters for authentication. |
| <a id="mutationdastsiteprofilecreateclientmutationid"></a>`clientMutationId` | [`String`](#string) | A unique identifier for the client performing the mutation. |
| <a id="mutationdastsiteprofilecreateexcludedurls"></a>`excludedUrls` | [`[String!]`](#string) | The URLs to skip during an authenticated scan. Defaults to `[]`. Will be ignored if `security_dast_site_profiles_additional_fields` feature flag is disabled. |
| <a id="mutationdastsiteprofilecreateexcludedurls"></a>`excludedUrls` | [`[String!]`](#string) | The URLs to skip during an authenticated scan. Defaults to `[]`. |
| <a id="mutationdastsiteprofilecreatefullpath"></a>`fullPath` | [`ID!`](#id) | The project the site profile belongs to. |
| <a id="mutationdastsiteprofilecreateprofilename"></a>`profileName` | [`String!`](#string) | The name of the site profile. |
| <a id="mutationdastsiteprofilecreaterequestheaders"></a>`requestHeaders` | [`String`](#string) | Comma-separated list of request header names and values to be added to every request made by DAST. Will be ignored if `security_dast_site_profiles_additional_fields` feature flag is disabled. |
| <a id="mutationdastsiteprofilecreatetargettype"></a>`targetType` | [`DastTargetTypeEnum`](#dasttargettypeenum) | The type of target to be scanned. Will be ignored if `security_dast_site_profiles_api_option` feature flag is disabled. |
| <a id="mutationdastsiteprofilecreaterequestheaders"></a>`requestHeaders` | [`String`](#string) | Comma-separated list of request header names and values to be added to every request made by DAST. |
| <a id="mutationdastsiteprofilecreatetargettype"></a>`targetType` | [`DastTargetTypeEnum`](#dasttargettypeenum) | The type of target to be scanned. |
| <a id="mutationdastsiteprofilecreatetargeturl"></a>`targetUrl` | [`String`](#string) | The URL of the target to be scanned. |
#### Fields
......@@ -1577,14 +1577,14 @@ Input type: `DastSiteProfileUpdateInput`
| Name | Type | Description |
| ---- | ---- | ----------- |
| <a id="mutationdastsiteprofileupdateauth"></a>`auth` | [`DastSiteProfileAuthInput`](#dastsiteprofileauthinput) | Parameters for authentication. Will be ignored if `security_dast_site_profiles_additional_fields` feature flag is disabled. |
| <a id="mutationdastsiteprofileupdateauth"></a>`auth` | [`DastSiteProfileAuthInput`](#dastsiteprofileauthinput) | Parameters for authentication. |
| <a id="mutationdastsiteprofileupdateclientmutationid"></a>`clientMutationId` | [`String`](#string) | A unique identifier for the client performing the mutation. |
| <a id="mutationdastsiteprofileupdateexcludedurls"></a>`excludedUrls` | [`[String!]`](#string) | The URLs to skip during an authenticated scan. Will be ignored if `security_dast_site_profiles_additional_fields` feature flag is disabled. |
| <a id="mutationdastsiteprofileupdateexcludedurls"></a>`excludedUrls` | [`[String!]`](#string) | The URLs to skip during an authenticated scan. |
| <a id="mutationdastsiteprofileupdatefullpath"></a>`fullPath` | [`ID!`](#id) | The project the site profile belongs to. |
| <a id="mutationdastsiteprofileupdateid"></a>`id` | [`DastSiteProfileID!`](#dastsiteprofileid) | ID of the site profile to be updated. |
| <a id="mutationdastsiteprofileupdateprofilename"></a>`profileName` | [`String!`](#string) | The name of the site profile. |
| <a id="mutationdastsiteprofileupdaterequestheaders"></a>`requestHeaders` | [`String`](#string) | Comma-separated list of request header names and values to be added to every request made by DAST. Will be ignored if `security_dast_site_profiles_additional_fields` feature flag is disabled. |
| <a id="mutationdastsiteprofileupdatetargettype"></a>`targetType` | [`DastTargetTypeEnum`](#dasttargettypeenum) | The type of target to be scanned. Will be ignored if `security_dast_site_profiles_api_option` feature flag is disabled. |
| <a id="mutationdastsiteprofileupdaterequestheaders"></a>`requestHeaders` | [`String`](#string) | Comma-separated list of request header names and values to be added to every request made by DAST. |
| <a id="mutationdastsiteprofileupdatetargettype"></a>`targetType` | [`DastTargetTypeEnum`](#dasttargettypeenum) | The type of target to be scanned. |
| <a id="mutationdastsiteprofileupdatetargeturl"></a>`targetUrl` | [`String`](#string) | The URL of the target to be scanned. |
#### Fields
......@@ -7857,15 +7857,15 @@ Represents a DAST Site Profile.
| Name | Type | Description |
| ---- | ---- | ----------- |
| <a id="dastsiteprofileauth"></a>`auth` | [`DastSiteProfileAuth`](#dastsiteprofileauth) | Target authentication details. Will always return `null` if `security_dast_site_profiles_additional_fields` feature flag is disabled. |
| <a id="dastsiteprofileauth"></a>`auth` | [`DastSiteProfileAuth`](#dastsiteprofileauth) | Target authentication details. |
| <a id="dastsiteprofileeditpath"></a>`editPath` | [`String`](#string) | Relative web path to the edit page of a site profile. |
| <a id="dastsiteprofileexcludedurls"></a>`excludedUrls` | [`[String!]`](#string) | The URLs to skip during an authenticated scan. Will always return `null` if `security_dast_site_profiles_additional_fields` feature flag is disabled. |
| <a id="dastsiteprofileexcludedurls"></a>`excludedUrls` | [`[String!]`](#string) | The URLs to skip during an authenticated scan. |
| <a id="dastsiteprofileid"></a>`id` | [`DastSiteProfileID!`](#dastsiteprofileid) | ID of the site profile. |
| <a id="dastsiteprofilenormalizedtargeturl"></a>`normalizedTargetUrl` | [`String`](#string) | Normalized URL of the target to be scanned. |
| <a id="dastsiteprofileprofilename"></a>`profileName` | [`String`](#string) | The name of the site profile. |
| <a id="dastsiteprofilereferencedinsecuritypolicies"></a>`referencedInSecurityPolicies` | [`[String!]`](#string) | List of security policy names that are referencing given project. |
| <a id="dastsiteprofilerequestheaders"></a>`requestHeaders` | [`String`](#string) | Comma-separated list of request header names and values to be added to every request made by DAST. Will always return `null` if `security_dast_site_profiles_additional_fields` feature flag is disabled. |
| <a id="dastsiteprofiletargettype"></a>`targetType` | [`DastTargetTypeEnum`](#dasttargettypeenum) | The type of target to be scanned. Will always return `null` if `security_dast_site_profiles_api_option` feature flag is disabled. |
| <a id="dastsiteprofilerequestheaders"></a>`requestHeaders` | [`String`](#string) | Comma-separated list of request header names and values to be added to every request made by DAST. |
| <a id="dastsiteprofiletargettype"></a>`targetType` | [`DastTargetTypeEnum`](#dasttargettypeenum) | The type of target to be scanned. |
| <a id="dastsiteprofiletargeturl"></a>`targetUrl` | [`String`](#string) | The URL of the target to be scanned. |
| <a id="dastsiteprofileuserpermissions"></a>`userPermissions` | [`DastSiteProfilePermissions!`](#dastsiteprofilepermissions) | Permissions for the current user on the resource. |
| <a id="dastsiteprofilevalidationstatus"></a>`validationStatus` | [`DastSiteProfileValidationStatusEnum`](#dastsiteprofilevalidationstatusenum) | The current validation status of the site profile. |
......
......@@ -55,47 +55,41 @@ export default {
:label="$options.i18n.targetUrl"
:value="profile.targetUrl"
/>
<profile-selector-summary-cell
v-if="glFeatures.securityDastSiteProfilesApiOption"
:label="$options.i18n.targetType"
:value="targetTypeValue"
/>
<profile-selector-summary-cell :label="$options.i18n.targetType" :value="targetTypeValue" />
</div>
<template v-if="glFeatures.securityDastSiteProfilesAdditionalFields">
<template v-if="profile.auth.enabled">
<div class="row">
<profile-selector-summary-cell :label="$options.i18n.authUrl" :value="profile.auth.url" />
</div>
<div class="row">
<profile-selector-summary-cell
:label="$options.i18n.username"
:value="profile.auth.username"
/>
<profile-selector-summary-cell :label="$options.i18n.password" value="••••••••" />
</div>
<div class="row">
<profile-selector-summary-cell
:label="$options.i18n.usernameField"
:value="profile.auth.usernameField"
/>
<profile-selector-summary-cell
:label="$options.i18n.passwordField"
:value="profile.auth.passwordField"
/>
</div>
</template>
<template v-if="profile.auth.enabled">
<div class="row">
<profile-selector-summary-cell :label="$options.i18n.authUrl" :value="profile.auth.url" />
</div>
<div class="row">
<profile-selector-summary-cell
:label="$options.i18n.username"
:value="profile.auth.username"
/>
<profile-selector-summary-cell :label="$options.i18n.password" value="••••••••" />
</div>
<div class="row">
<profile-selector-summary-cell
v-if="hasExcludedUrls"
:label="$options.i18n.excludedUrls"
:value="profile.excludedUrls.join($options.EXCLUDED_URLS_SEPARATOR)"
:label="$options.i18n.usernameField"
:value="profile.auth.usernameField"
/>
<profile-selector-summary-cell
v-if="profile.requestHeaders"
:label="$options.i18n.requestHeaders"
:value="__('[Redacted]')"
:label="$options.i18n.passwordField"
:value="profile.auth.passwordField"
/>
</div>
</template>
<div class="row">
<profile-selector-summary-cell
v-if="hasExcludedUrls"
:label="$options.i18n.excludedUrls"
:value="profile.excludedUrls.join($options.EXCLUDED_URLS_SEPARATOR)"
/>
<profile-selector-summary-cell
v-if="profile.requestHeaders"
:label="$options.i18n.requestHeaders"
:value="__('[Redacted]')"
/>
</div>
</div>
</template>
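Review bot: `v-if="profile.auth.enabled"` now dereferences `profile.auth` unconditionally, whereas before the outer feature-flag `v-if` was the only thing standing between this template and a `null` `auth`. The GraphQL field is still declared `null: true` in this same commit (the `field :auth` line in the DastSiteProfileType hunk), so a null from authorization or a stale client cache would throw during render rather than just hide the rows. A one-line guard keeps the template safe without changing the rendered output: `<template v-if="profile.auth && profile.auth.enabled">`. The enclosing component definition starts outside the hunk, so if a computed property already normalizes `auth` this may be moot; verify against the script block.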
......@@ -168,18 +168,12 @@ export default {
return authFields;
},
isTargetAPI() {
return (
this.glFeatures.securityDastSiteProfilesApiOption &&
this.form.fields.targetType.value === TARGET_TYPES.API.value
);
return this.form.fields.targetType.value === TARGET_TYPES.API.value;
},
},
methods: {
onSubmit() {
const isAuthEnabled =
this.glFeatures.securityDastSiteProfilesAdditionalFields &&
this.authSection.fields.enabled &&
!this.isTargetAPI;
const isAuthEnabled = this.authSection.fields.enabled && !this.isTargetAPI;
this.form.showValidation = true;
......@@ -205,17 +199,13 @@ export default {
...(this.isEdit ? { id: this.siteProfile.id } : {}),
profileName,
targetUrl,
...(this.glFeatures.securityDastSiteProfilesApiOption && {
targetType,
targetType,
...(!this.isTargetAPI && { auth: this.serializedAuthFields }),
...(excludedUrls && {
excludedUrls: this.parsedExcludedUrls,
}),
...(this.glFeatures.securityDastSiteProfilesAdditionalFields && {
...(!this.isTargetAPI && { auth: this.serializedAuthFields }),
...(excludedUrls && {
excludedUrls: this.parsedExcludedUrls,
}),
...(requestHeaders !== REDACTED_REQUEST_HEADERS && {
requestHeaders,
}),
...(requestHeaders !== REDACTED_REQUEST_HEADERS && {
requestHeaders,
}),
},
};
......@@ -339,10 +329,7 @@ export default {
<hr class="gl-border-gray-100" />
<gl-form-group
v-if="glFeatures.securityDastSiteProfilesApiOption"
:label="s__('DastProfiles|Site type')"
>
<gl-form-group :label="s__('DastProfiles|Site type')">
<gl-form-radio-group
v-model="form.fields.targetType.value"
:options="targetTypesOptions"
......@@ -367,7 +354,7 @@ export default {
/>
</gl-form-group>
<div v-if="glFeatures.securityDastSiteProfilesAdditionalFields" class="row">
<div class="row">
<gl-form-group
:label="s__('DastProfiles|Excluded URLs (Optional)')"
:invalid-feedback="form.fields.excludedUrls.feedback"
......@@ -417,7 +404,7 @@ export default {
</gl-form-group>
<dast-site-auth-section
v-if="glFeatures.securityDastSiteProfilesAdditionalFields && !isTargetAPI"
v-if="!isTargetAPI"
v-model="authSection"
:disabled="isPolicyProfile"
:show-validation="form.showValidation"
......
......@@ -4,11 +4,6 @@ module Projects
class OnDemandScansController < Projects::ApplicationController
include SecurityAndCompliancePermissions
before_action do
push_frontend_feature_flag(:security_dast_site_profiles_additional_fields, @project, default_enabled: :yaml)
push_frontend_feature_flag(:security_dast_site_profiles_api_option, @project, default_enabled: :yaml)
end
before_action :authorize_read_on_demand_scans!, only: :index
before_action :authorize_create_on_demand_dast_scan!, only: [:new, :edit]
......
......@@ -8,8 +8,6 @@ module Projects
before_action do
authorize_read_on_demand_scans!
push_frontend_feature_flag(:security_dast_site_profiles_additional_fields, @project, default_enabled: :yaml)
push_frontend_feature_flag(:security_dast_site_profiles_api_option, @project, default_enabled: :yaml)
end
feature_category :dynamic_application_security_testing
......
......@@ -25,39 +25,35 @@ module Mutations
argument :target_type, Types::DastTargetTypeEnum,
required: false,
description: 'The type of target to be scanned. Will be ignored ' \
'if `security_dast_site_profiles_api_option` feature flag is disabled.'
description: 'The type of target to be scanned.'
argument :excluded_urls, [GraphQL::STRING_TYPE],
required: false,
default_value: [],
description: 'The URLs to skip during an authenticated scan. Defaults to `[]`. Will be ignored ' \
'if `security_dast_site_profiles_additional_fields` feature flag is disabled.'
description: 'The URLs to skip during an authenticated scan. Defaults to `[]`.'
argument :request_headers, GraphQL::STRING_TYPE,
required: false,
description: 'Comma-separated list of request header names and values to be ' \
'added to every request made by DAST. Will be ignored ' \
'if `security_dast_site_profiles_additional_fields` feature flag is disabled.'
'added to every request made by DAST.'
argument :auth, ::Types::Dast::SiteProfileAuthInputType,
required: false,
description: 'Parameters for authentication. Will be ignored ' \
'if `security_dast_site_profiles_additional_fields` feature flag is disabled.'
description: 'Parameters for authentication.'
authorize :create_on_demand_dast_scan
def resolve(full_path:, profile_name:, target_url: nil, **params)
project = authorized_find!(full_path)
auth_params = feature_flagged(project, :security_dast_site_profiles_additional_fields, params[:auth], default: {})
auth_params = params[:auth] || {}
dast_site_profile_params = {
name: profile_name,
target_url: target_url,
target_type: feature_flagged(project, :security_dast_site_profiles_api_option, params[:target_type]),
excluded_urls: feature_flagged(project, :security_dast_site_profiles_additional_fields, params[:excluded_urls]),
request_headers: feature_flagged(project, :security_dast_site_profiles_additional_fields, params[:request_headers]),
target_type: params[:target_type],
excluded_urls: params[:excluded_urls],
request_headers: params[:request_headers],
auth_enabled: auth_params[:enabled],
auth_url: auth_params[:url],
auth_username_field: auth_params[:username_field],
......@@ -70,14 +66,6 @@ module Mutations
{ id: result.payload.try(:to_global_id), errors: result.errors }
end
private
def feature_flagged(project, flag, value, opts = {})
return opts[:default] unless Feature.enabled?(flag, project, default_enabled: :yaml)
value || opts[:default]
end
end
end
end
......@@ -31,31 +31,27 @@ module Mutations
argument :target_type, Types::DastTargetTypeEnum,
required: false,
description: 'The type of target to be scanned. Will be ignored ' \
'if `security_dast_site_profiles_api_option` feature flag is disabled.'
description: 'The type of target to be scanned.'
argument :excluded_urls, [GraphQL::STRING_TYPE],
required: false,
description: 'The URLs to skip during an authenticated scan. Will be ignored ' \
'if `security_dast_site_profiles_additional_fields` feature flag is disabled.'
description: 'The URLs to skip during an authenticated scan.'
argument :request_headers, GraphQL::STRING_TYPE,
required: false,
description: 'Comma-separated list of request header names and values to be ' \
'added to every request made by DAST. Will be ignored ' \
'if `security_dast_site_profiles_additional_fields` feature flag is disabled.'
'added to every request made by DAST.'
argument :auth, ::Types::Dast::SiteProfileAuthInputType,
required: false,
description: 'Parameters for authentication. Will be ignored ' \
'if `security_dast_site_profiles_additional_fields` feature flag is disabled.'
description: 'Parameters for authentication.'
authorize :create_on_demand_dast_scan
def resolve(full_path:, id:, profile_name:, target_url: nil, **params)
project = authorized_find!(full_path)
auth_params = feature_flagged(project, :security_dast_site_profiles_additional_fields, params[:auth], default: {})
auth_params = params[:auth] || {}
# TODO: remove explicit coercion once compatibility layer has been removed
# See: https://gitlab.com/gitlab-org/gitlab/-/issues/257883
......@@ -63,9 +59,9 @@ module Mutations
id: SiteProfileID.coerce_isolated_input(id).model_id,
name: profile_name,
target_url: target_url,
target_type: feature_flagged(project, :security_dast_site_profiles_api_option, params[:target_type]),
excluded_urls: feature_flagged(project, :security_dast_site_profiles_additional_fields, params[:excluded_urls]),
request_headers: feature_flagged(project, :security_dast_site_profiles_additional_fields, params[:request_headers]),
target_type: params[:target_type],
excluded_urls: params[:excluded_urls],
request_headers: params[:request_headers],
auth_enabled: auth_params[:enabled],
auth_url: auth_params[:url],
auth_username_field: auth_params[:username_field],
......@@ -78,14 +74,6 @@ module Mutations
{ id: result.payload.try(:to_global_id), errors: result.errors }
end
private
def feature_flagged(project, flag, value, opts = {})
return opts[:default] unless Feature.enabled?(flag, project, default_enabled: :yaml)
value || opts[:default]
end
end
end
end
......@@ -24,24 +24,20 @@ module Types
description: 'The URL of the target to be scanned.'
field :target_type, Types::DastTargetTypeEnum, null: true,
description: 'The type of target to be scanned. Will always return `null` ' \
'if `security_dast_site_profiles_api_option` feature flag is disabled.'
description: 'The type of target to be scanned.'
field :edit_path, GraphQL::STRING_TYPE, null: true,
description: 'Relative web path to the edit page of a site profile.'
field :auth, Types::Dast::SiteProfileAuthType, null: true,
description: 'Target authentication details. Will always return `null` ' \
'if `security_dast_site_profiles_additional_fields` feature flag is disabled.'
description: 'Target authentication details.'
field :excluded_urls, [GraphQL::STRING_TYPE], null: true,
description: 'The URLs to skip during an authenticated scan. Will always return `null` ' \
'if `security_dast_site_profiles_additional_fields` feature flag is disabled.'
description: 'The URLs to skip during an authenticated scan.'
field :request_headers, GraphQL::STRING_TYPE, null: true,
description: 'Comma-separated list of request header names and values to be ' \
'added to every request made by DAST. Will always return `null` ' \
'if `security_dast_site_profiles_additional_fields` feature flag is disabled.'
'added to every request made by DAST.'
field :validation_status, Types::DastSiteProfileValidationStatusEnum, null: true,
description: 'The current validation status of the site profile.',
......@@ -58,28 +54,14 @@ module Types
object.dast_site.url
end
def target_type
return unless Feature.enabled?(:security_dast_site_profiles_api_option, object.project, default_enabled: :yaml)
object.target_type
end
def edit_path
Rails.application.routes.url_helpers.edit_project_security_configuration_dast_scans_dast_site_profile_path(object.project, object)
end
def auth
return unless Feature.enabled?(:security_dast_site_profiles_additional_fields, object.project, default_enabled: :yaml)
object
end
def excluded_urls
return unless Feature.enabled?(:security_dast_site_profiles_additional_fields, object.project, default_enabled: :yaml)
object.excluded_urls
end
def normalized_target_url
DastSiteValidation.get_normalized_url_base(object.dast_site.url)
end
......
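Review bot: The new `request_headers` description, `'Comma-separated list of request header names and values to be added to every request made by DAST.'`, reads as if the field returns the configured headers, but the type spec in this same commit expects the resolved value to be `'••••••••'`, i.e. a redaction placeholder. Since the resolver lives outside this hunk (presumably the presenter's `request_headers`), I would hedge only on where the redaction happens, not that it happens; the description should say so for API consumers: `description: 'Comma-separated list of request header names and values to be added to every request made by DAST. Returns a redacted value.'`. The same consideration applies to any password-bearing field on `SiteProfileAuthType`, which is not visible here.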
......@@ -174,8 +174,7 @@ module EE
end
def triggered_for_ondemand_dast_scan?
ondemand_dast_scan? && parameter_source? &&
::Feature.enabled?(:security_dast_site_profiles_additional_fields, project, default_enabled: :yaml)
ondemand_dast_scan? && parameter_source?
end
private
......
......@@ -8,14 +8,12 @@ module Dast
presents :site_profile
def password
return unless Feature.enabled?(:security_dast_site_profiles_additional_fields, site_profile.project, default_enabled: :yaml)
return unless site_profile.secret_variables.any? { |variable| variable.key == ::Dast::SiteProfileSecretVariable::PASSWORD }
REDACTED_PASSWORD
end
def request_headers
return unless Feature.enabled?(:security_dast_site_profiles_additional_fields, site_profile.project, default_enabled: :yaml)
return unless site_profile.secret_variables.any? { |variable| variable.key == ::Dast::SiteProfileSecretVariable::REQUEST_HEADERS }
REDACTED_REQUEST_HEADERS
......
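Review bot: With the feature-flag guards gone, `password` and `request_headers` are now the same three-line shape differing only in the secret-variable key, and the `secret_variables.any? { |variable| variable.key == ... }` lookup is duplicated verbatim. A small private predicate removes the repetition and makes it harder for a future key to be compared inconsistently: `def secret_variable?(key)` / `  site_profile.secret_variables.any? { |variable| variable.key == key }` / `end`, after which each method becomes `return unless secret_variable?(::Dast::SiteProfileSecretVariable::PASSWORD)` (and likewise for `REQUEST_HEADERS`). The `request_headers` method's closing `end` and any `private` section are outside the hunk.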
......@@ -20,8 +20,7 @@ module Dast
private
def allowed?
Feature.enabled?(:security_dast_site_profiles_additional_fields, container, default_enabled: :yaml) &&
Ability.allowed?(current_user, :create_on_demand_dast_scan, container)
Ability.allowed?(current_user, :create_on_demand_dast_scan, container)
end
def site_profile
......
......@@ -14,8 +14,7 @@ module Dast
private
def allowed?
Feature.enabled?(:security_dast_site_profiles_additional_fields, container, default_enabled: :yaml) &&
Ability.allowed?(current_user, :create_on_demand_dast_scan, container)
Ability.allowed?(current_user, :create_on_demand_dast_scan, container)
end
def dast_site_profile_secret_variable
......
......@@ -537,13 +537,7 @@ describe('OnDemandScansForm', () => {
const [{ id }] = scannerProfiles;
beforeEach(() => {
createComponent({
provide: {
glFeatures: {
securityDastSiteProfilesAdditionalFields: true,
},
},
});
createComponent();
});
it('renders profile summary when a valid profile is selected', async () => {
......@@ -563,14 +557,7 @@ describe('OnDemandScansForm', () => {
const [{ id }] = siteProfiles;
beforeEach(() => {
createComponent({
provide: {
glFeatures: {
securityDastSiteProfilesAdditionalFields: true,
securityDastSiteProfilesApiOption: true,
},
},
});
createComponent();
});
it('renders profile summary when a valid profile is selected', async () => {
......
......@@ -33,10 +33,6 @@ describe('OnDemandScansSiteProfileSelector', () => {
provide: {
siteProfilesLibraryPath: TEST_LIBRARY_PATH,
newSiteProfilePath: TEST_NEW_PATH,
glFeatures: {
securityDastSiteProfilesAdditionalFields: true,
securityDastSiteProfilesApiOption: true,
},
},
slots: {
summary: `<div>${profiles[0].profileName}'s summary</div>`,
......
......@@ -13,12 +13,6 @@ describe('DastSiteProfileSummary', () => {
profile,
...props,
},
provide: {
glFeatures: {
securityDastSiteProfilesAdditionalFields: true,
securityDastSiteProfilesApiOption: true,
},
},
});
};
......
......@@ -130,12 +130,6 @@ describe('DastSiteProfileForm', () => {
{},
{
propsData: defaultProps,
provide: {
glFeatures: {
securityDastSiteProfilesAdditionalFields: true,
securityDastSiteProfilesApiOption: true,
},
},
},
options,
{
......@@ -418,60 +412,6 @@ describe('DastSiteProfileForm', () => {
});
});
describe('when all feature flags are off', () => {
const mountOpts = {
provide: {
glFeatures: {
securityDastSiteProfilesAdditionalFields: false,
securityDastSiteProfilesApiOption: false,
},
},
};
const fillRequiredFieldsAndSubmitForm = async () => {
await setFieldValue(findProfileNameInput(), profileName);
await setFieldValue(findTargetUrlInput(), targetUrl);
submitForm();
};
it('should not render additional fields', () => {
createFullComponent(mountOpts);
expect(findAuthSection().exists()).toBe(false);
expect(findExcludedUrlsInput().exists()).toBe(false);
expect(findRequestHeadersInput().exists()).toBe(false);
expect(findTargetTypeOption().exists()).toBe(false);
});
describe.each`
title | siteProfile | mutationVars | mutationKind
${'New site profile'} | ${null} | ${{}} | ${'dastSiteProfileCreate'}
${'Edit site profile'} | ${siteProfileOne} | ${{ id: siteProfileOne.id }} | ${'dastSiteProfileUpdate'}
`('$title', ({ siteProfile, mutationVars, mutationKind }) => {
beforeEach(() => {
createFullComponent({
propsData: {
siteProfile,
},
...mountOpts,
});
fillRequiredFieldsAndSubmitForm();
});
it('form submission triggers correct GraphQL mutation', async () => {
await fillRequiredFieldsAndSubmitForm();
expect(requestHandlers[mutationKind]).toHaveBeenCalledWith({
input: {
profileName,
targetUrl,
fullPath,
...mutationVars,
},
});
});
});
});
describe('when profile does not come from a policy', () => {
beforeEach(() => {
createComponent({
......
......@@ -127,45 +127,6 @@ RSpec.describe Mutations::DastSiteProfiles::Create do
end
end
context 'when the feature flag security_dast_site_profiles_additional_fields is disabled' do
before do
stub_feature_flags(security_dast_site_profiles_additional_fields: false)
end
it 'does not set the request_headers or the password dast_site_profile_secret_variables' do
subject
expect(dast_site_profile.secret_variables).to be_empty
end
it 'does not set non-secret auth fields' do
subject
expect(dast_site_profile).to have_attributes(
auth_enabled: false,
auth_url: nil,
auth_username_field: nil,
auth_password_field: nil,
auth_username: nil
)
end
end
context 'when the feature flag security_dast_site_profiles_api_option is disabled' do
before do
stub_feature_flags(security_dast_site_profiles_api_option: false)
end
it 'ignores target_type and uses the default target_type', :aggregate_failures do
subject
default_target_type = dast_site_profile.class.new.target_type
expect(default_target_type).not_to eq(target_type)
expect(dast_site_profile.target_type).to eq(default_target_type)
end
end
context 'when variable creation fails' do
it 'returns an error and the dast_site_profile' do
service = double(Dast::SiteProfileSecretVariables::CreateOrUpdateService)
......
......@@ -155,37 +155,6 @@ RSpec.describe Mutations::DastSiteProfiles::Update do
expect(subject).to include(errors: ['Oops'])
end
end
context 'when the feature flag security_dast_site_profiles_additional_fields is disabled' do
before do
stub_feature_flags(security_dast_site_profiles_additional_fields: false)
end
it 'does not update the feature flagged attributes', :aggregate_failures do
dast_site_profile = subject[:id].find
expect(dast_site_profile).not_to have_attributes(
excluded_urls: new_excluded_urls,
auth_enabled: new_auth[:enabled],
auth_url: new_auth[:url],
auth_username_field: new_auth[:username_field],
auth_password_field: new_auth[:password_field],
auth_username: new_auth[:username]
)
expect(dast_site_profile.secret_variables).to be_empty
end
end
context 'when the feature flag security_dast_site_profiles_api_option is disabled' do
before do
stub_feature_flags(security_dast_site_profiles_api_option: false)
end
it 'does not update the target_type' do
expect { subject }.not_to change { dast_site_profile.reload.target_type }
end
end
end
end
end
......
......@@ -41,18 +41,8 @@ RSpec.describe GitlabSchema.types['DastSiteProfile'] do
end
describe 'targetType field' do
context 'when the feature flag is disabled' do
it 'is nil' do
stub_feature_flags(security_dast_site_profiles_api_option: false)
expect(resolve_field(:target_type, object, current_user: user)).to be_nil
end
end
context 'when the feature flag is enabled' do
it 'is the target type' do
expect(resolve_field(:target_type, object, current_user: user)).to eq('website')
end
it 'is the target type' do
expect(resolve_field(:target_type, object, current_user: user)).to eq('website')
end
end
......@@ -65,59 +55,29 @@ RSpec.describe GitlabSchema.types['DastSiteProfile'] do
end
describe 'auth field' do
context 'when the feature flag is disabled' do
it 'is nil' do
stub_feature_flags(security_dast_site_profiles_additional_fields: false)
expect(resolve_field(:auth, object, current_user: user)).to be_nil
end
end
context 'when the feature flag is enabled' do
it 'is the dast_site_profile' do
expect(resolve_field(:auth, object, current_user: user)).to eq(object)
end
it 'is the dast_site_profile' do
expect(resolve_field(:auth, object, current_user: user)).to eq(object)
end
end
describe 'excludedUrls field' do
context 'when the feature flag is disabled' do
it 'is nil' do
stub_feature_flags(security_dast_site_profiles_additional_fields: false)
expect(resolve_field(:excluded_urls, object, current_user: user)).to be_nil
end
end
context 'when the feature flag is enabled' do
it 'is the excluded urls' do
expect(resolve_field(:excluded_urls, object, current_user: user)).to eq(object.excluded_urls)
end
it 'is the excluded urls' do
expect(resolve_field(:excluded_urls, object, current_user: user)).to eq(object.excluded_urls)
end
end
describe 'requestHeaders field' do
context 'when the feature flag is disabled' do
context 'when there is no associated secret variable' do
it 'is nil' do
stub_feature_flags(security_dast_site_profiles_additional_fields: false)
expect(resolve_field(:request_headers, object, current_user: user)).to be_nil
end
end
context 'when the feature flag is enabled' do
context 'when there is no associated secret variable' do
it 'is nil' do
expect(resolve_field(:request_headers, object, current_user: user)).to be_nil
end
end
context 'when there an associated secret variable' do
it 'is redacted' do
create(:dast_site_profile_secret_variable, dast_site_profile: object, key: Dast::SiteProfileSecretVariable::REQUEST_HEADERS)
context 'when there an associated secret variable' do
it 'is redacted' do
create(:dast_site_profile_secret_variable, dast_site_profile: object, key: Dast::SiteProfileSecretVariable::REQUEST_HEADERS)
expect(resolve_field(:request_headers, object, current_user: user)).to eq('••••••••')
end
expect(resolve_field(:request_headers, object, current_user: user)).to eq('••••••••')
end
end
end
......
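Review bot: The re-indented context description `'when there an associated secret variable'` (the `requestHeaders field` describe block) is missing a verb; since this commit already rewrites the surrounding lines, it is a good moment to make it `context 'when there is an associated secret variable' do`. The same wording is carried over unchanged in the `Dast::SiteProfilePresenter` spec hunk later in this commit. Only the description string changes; the example bodies stay as they are.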
......@@ -182,14 +182,6 @@ RSpec.describe Ci::Build do
expect(subject.to_runner_variables).to include(key: key, value: value, public: false, masked: true)
end
end
it_behaves_like 'a pipeline with no dast on-demand variables' do
let(:pipeline_params) { { source: :ondemand_dast_scan, config_source: :parameter_source } }
before do
stub_feature_flags(security_dast_site_profiles_additional_fields: false)
end
end
end
end
......
......@@ -633,14 +633,6 @@ RSpec.describe Ci::Pipeline do
it { is_expected.to be_falsey }
end
end
context 'when the feature flag is disabled' do
before do
stub_feature_flags(security_dast_site_profiles_additional_fields: false)
end
it { is_expected.to be_falsey }
end
end
describe '#needs_touch?' do
......
......@@ -9,25 +9,15 @@ RSpec.describe Dast::SiteProfilePresenter do
let(:presenter) { described_class.new(dast_site_profile) }
shared_examples 'a DAST on-demand secret variable' do
context 'when the feature flag is disabled' do
before do
stub_feature_flags(security_dast_site_profiles_additional_fields: false)
end
context 'when there is no associated secret variable' do
it { is_expected.to be_nil }
end
context 'when the feature flag is enabled' do
context 'when there is no associated secret variable' do
it { is_expected.to be_nil }
end
context 'when there an associated secret variable' do
it 'is redacted' do
create(:dast_site_profile_secret_variable, dast_site_profile: dast_site_profile, key: key)
context 'when there an associated secret variable' do
it 'is redacted' do
create(:dast_site_profile_secret_variable, dast_site_profile: dast_site_profile, key: key)
expect(subject).to eq(redacted_value)
end
expect(subject).to eq(redacted_value)
end
end
end
......
......@@ -138,14 +138,6 @@ RSpec.describe AppSec::Dast::SiteProfiles::CreateService do
expect(Base64.strict_decode64(variable.value)).to eq(raw_value)
end
context 'when the feature flag is disabled' do
it 'does not create a secret variable' do
stub_feature_flags(security_dast_site_profiles_additional_fields: false)
expect { subject }.not_to change { Dast::SiteProfileSecretVariable.count }
end
end
end
shared_examples 'it handles secret variable creation failure' do
......
......@@ -160,16 +160,6 @@ RSpec.describe AppSec::Dast::SiteProfiles::UpdateService do
expect(Base64.strict_decode64(variable.value)).to eq(raw_value)
end
context 'when the feature flag is disabled' do
it 'does not update the secret variable' do
stub_feature_flags(security_dast_site_profiles_additional_fields: false)
variable = Dast::SiteProfileSecretVariable.find_by(key: key, dast_site_profile: dast_site_profile)
expect { subject }.not_to change { variable.reload.value }
end
end
end
shared_examples 'it handles secret variable updating failure' do
......@@ -209,18 +199,6 @@ RSpec.describe AppSec::Dast::SiteProfiles::UpdateService do
expect { subject }.not_to change { variable.reload.value }
end
end
context 'when the feature flag is disabled' do
let(:params) { default_params.merge(argument => '') }
it 'does not delete the secret variable' do
stub_feature_flags(security_dast_site_profiles_additional_fields: false)
variable = Dast::SiteProfileSecretVariable.find_by(key: key, dast_site_profile: dast_site_profile)
expect { variable.reload }.not_to raise_error
end
end
end
context 'when request_headers are supplied' do
......
......@@ -90,15 +90,6 @@ RSpec.describe Dast::SiteProfileSecretVariables::CreateOrUpdateService do
expect(dast_site_profile_secret_variable.reload.value).to eq(Base64.strict_encode64(params[:raw_value]))
end
end
context 'when the feature is disabled' do
it 'communicates failure', :aggregate_failures do
stub_feature_flags(security_dast_site_profiles_additional_fields: false)
expect(subject.status).to eq(:error)
expect(subject.message).to include('Insufficient permissions')
end
end
end
end
end