Commit 976095bf authored by Alan (Maciej) Paruszewski's avatar Alan (Maciej) Paruszewski Committed by Thong Kuah

Add request specs for security policies mutations

parent da47cbe6
...@@ -23,7 +23,6 @@ module Mutations ...@@ -23,7 +23,6 @@ module Mutations
project = authorized_find!(args[:project_path]) project = authorized_find!(args[:project_path])
result = create_project(project) result = create_project(project)
return { project: nil, errors: [result[:message]] } if result[:status] == :error return { project: nil, errors: [result[:message]] } if result[:status] == :error
{ {
......
# frozen_string_literal: true
require 'spec_helper'
RSpec.describe 'Assigns scan execution policy project to a project' do
include GraphqlHelpers
let_it_be_with_refind(:owner) { create(:user) }
let_it_be_with_refind(:user) { create(:user) }
let_it_be_with_refind(:project) { create(:project, namespace: owner.namespace) }
let_it_be_with_refind(:policy_project) { create(:project) }
let_it_be_with_refind(:policy_project_id) { GitlabSchema.id_from_object(policy_project) }
let(:current_user) { owner }
subject { post_graphql_mutation(mutation, current_user: current_user) }
def mutation
variables = { project_path: project.full_path, security_policy_project_id: policy_project_id.to_s }
graphql_mutation(:security_policy_project_assign, variables) do
<<-QL.strip_heredoc
errors
QL
end
end
def mutation_response
graphql_mutation_response(:security_policy_project_assign)
end
context 'when licensed feature is available' do
before do
stub_licensed_features(security_orchestration_policies: true)
end
context 'when user is an owner of the project' do
it 'assigns the security policy project', :aggregate_failures do
subject
orchestration_policy_configuration = project.security_orchestration_policy_configuration
expect(response).to have_gitlab_http_status(:success)
expect(mutation_response['errors']).to be_empty
expect(orchestration_policy_configuration.security_policy_management_project).to eq(policy_project)
end
end
context 'when user is not an owner' do
let(:current_user) { user }
before do
project.add_maintainer(user)
end
it_behaves_like 'a mutation that returns top-level errors',
errors: [Gitlab::Graphql::Authorize::AuthorizeResource::RESOURCE_ACCESS_ERROR]
end
context 'when policy_project_id is invalid' do
let_it_be_with_refind(:policy_project_id) { "gid://gitlab/Project/#{non_existing_record_id}" }
it_behaves_like 'a mutation that returns top-level errors',
errors: [Gitlab::Graphql::Authorize::AuthorizeResource::RESOURCE_ACCESS_ERROR]
end
end
context 'when feature is not licensed' do
before do
stub_licensed_features(security_orchestration_policies: false)
end
it_behaves_like 'a mutation that returns top-level errors',
errors: [Gitlab::Graphql::Authorize::AuthorizeResource::RESOURCE_ACCESS_ERROR]
end
end
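Review bot: Authorization on the target policy project itself is never exercised: `policy_project` is created at L19 in its own namespace with no membership granted to `owner` (presumably private by factory default), L44 expects the assignment to succeed, and the only negative cases vary the caller's role on `project` or whether the id exists. If the mutation is meant to require read access to the policy project, add a context that asserts `Gitlab::Graphql::Authorize::AuthorizeResource::RESOURCE_ACCESS_ERROR` for one the caller cannot see; if it is not, pin that with a comment at L19 such as `# owner has no membership in policy_project; assignment does not require access to it`. Separately, `let_it_be_with_refind` at L56 (and L20) wraps a String / GlobalID rather than a record, so the refind modifier has nothing to refind; `let(:policy_project_id) { "gid://gitlab/Project/#{non_existing_record_id}" }` is the plain fit for the override.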
# frozen_string_literal: true
require 'spec_helper'
RSpec.describe 'Creates and assigns scan execution policy project to a project' do
include GraphqlHelpers
let_it_be_with_refind(:owner) { create(:user) }
let_it_be_with_refind(:user) { create(:user) }
let_it_be_with_refind(:project) { create(:project, namespace: owner.namespace) }
let(:current_user) { owner }
subject { post_graphql_mutation(mutation, current_user: current_user) }
def mutation
variables = { project_path: project.full_path }
graphql_mutation(:security_policy_project_create, variables) do
<<-QL.strip_heredoc
project {
id
name
}
errors
QL
end
end
def mutation_response
graphql_mutation_response(:security_policy_project_create)
end
context 'when licensed feature is available' do
before do
# TODO: investigate too many qeuries issue as part of Project Management Database and Query Performance
# Epic: https://gitlab.com/groups/gitlab-org/-/epics/5804
# Issue: https://gitlab.com/gitlab-org/gitlab/-/issues/348344
stub_const('Gitlab::QueryLimiting::Transaction::THRESHOLD', 130)
stub_licensed_features(security_orchestration_policies: true)
end
context 'when user is an owner of the project' do
it 'creates and assigns the security policy project', :aggregate_failures do
expect { subject }.to change { ::Project.count }.by(1)
orchestration_policy_configuration = project.security_orchestration_policy_configuration
expect(response).to have_gitlab_http_status(:success)
expect(mutation_response['errors']).to be_empty
expect(mutation_response.dig('project', 'id')).to eq(orchestration_policy_configuration.security_policy_management_project.to_gid.to_s)
expect(mutation_response.dig('project', 'name')).to eq("#{project.name} - Security policy project")
end
end
context 'when user is not an owner' do
let(:current_user) { user }
before do
project.add_maintainer(user)
end
it_behaves_like 'a mutation that returns top-level errors',
errors: [Gitlab::Graphql::Authorize::AuthorizeResource::RESOURCE_ACCESS_ERROR]
end
end
context 'when feature is not licensed' do
before do
stub_licensed_features(security_orchestration_policies: false)
end
it_behaves_like 'a mutation that returns top-level errors',
errors: [Gitlab::Graphql::Authorize::AuthorizeResource::RESOURCE_ACCESS_ERROR]
end
end
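Review bot: `stub_const('Gitlab::QueryLimiting::Transaction::THRESHOLD', 130)` at L98 widens the query budget for the whole licensed context, including the non-owner example at L116, where the request is rejected at authorization and the default limit should hold; moving the stub (with its TODO) into the owner context at L101 keeps the limiter meaningful on the error path. The TODO at L95 also misspells `queries`. The success example asserts the created project's id and name (L107-L108) but nothing about where it lives or who can see it; if the service is expected to create the policy project in the source project's namespace and keep it private, assertions on `security_policy_management_project.namespace` and `visibility_level` would pin that — confirm against the service before adding them.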
# frozen_string_literal: true
require 'spec_helper'
RSpec.describe 'Unassigns scan execution policy project from a project' do
include GraphqlHelpers
let_it_be_with_refind(:owner) { create(:user) }
let_it_be_with_refind(:user) { create(:user) }
let_it_be_with_refind(:project) { create(:project, namespace: owner.namespace) }
let(:current_user) { owner }
subject { post_graphql_mutation(mutation, current_user: current_user) }
def mutation
variables = { project_path: project.full_path }
graphql_mutation(:security_policy_project_unassign, variables) do
<<-QL.strip_heredoc
errors
QL
end
end
def mutation_response
graphql_mutation_response(:security_policy_project_unassign)
end
context 'when licensed feature is available' do
before do
stub_licensed_features(security_orchestration_policies: true)
end
context 'when user is an owner of the project' do
context 'when there is no security policy project assigned to the project' do
it 'unassigns the security policy project', :aggregate_failures do
expect { subject }.not_to change { ::Security::OrchestrationPolicyConfiguration.count }
expect(response).to have_gitlab_http_status(:success)
expect(mutation_response['errors']).to eq(["Policy project doesn't exist"])
end
end
context 'when security policy project is assigned to the project' do
let!(:security_policy_management_project) { create(:project, :repository, namespace: current_user.namespace) }
let!(:policy_configuration) { create(:security_orchestration_policy_configuration, project: project, security_policy_management_project: security_policy_management_project) }
it 'unassigns the security policy project', :aggregate_failures do
expect { subject }.to change { ::Security::OrchestrationPolicyConfiguration.count }.by(-1)
expect(response).to have_gitlab_http_status(:success)
expect(mutation_response['errors']).to be_empty
end
end
end
context 'when user is not an owner' do
let(:current_user) { user }
before do
project.add_maintainer(user)
end
it_behaves_like 'a mutation that returns top-level errors',
errors: [Gitlab::Graphql::Authorize::AuthorizeResource::RESOURCE_ACCESS_ERROR]
end
end
context 'when feature is not licensed' do
before do
stub_licensed_features(security_orchestration_policies: false)
end
it_behaves_like 'a mutation that returns top-level errors',
errors: [Gitlab::Graphql::Authorize::AuthorizeResource::RESOURCE_ACCESS_ERROR]
end
end
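Review bot: The example at L154 is described as 'unassigns the security policy project' but sits in the context where nothing is assigned and asserts an error at L157 and no count change at L155; rename it, e.g. `it 'returns an error and leaves configurations unchanged', :aggregate_failures do`. The non-owner context at L170 runs with no configuration present, so it shows only that a maintainer is rejected, not that an existing assignment survives; giving it the same `let!(:policy_configuration)` as L162 (with the management project created in `owner.namespace`) and asserting that `::Security::OrchestrationPolicyConfiguration.count` is unchanged would make the authorization check cover the case that matters. The shared example at L175 is presumed to invoke `subject` itself; confirm that before adding the count assertion alongside it.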