Add request specs for security policies mutations

976095bf · Alan (Maciej) Paruszewski · Thong Kuah · da47cbe6 · 976095bf · 976095bf
Commit 976095bf authored Dec 15, 2021 by Alan (Maciej) Paruszewski Committed by Thong Kuah Dec 15, 2021
4 changed files
--- a/ee/app/graphql/mutations/security_policy/create_security_policy_project.rb
+++ b/ee/app/graphql/mutations/security_policy/create_security_policy_project.rb
@@ -23,7 +23,6 @@ module Mutations
        project = authorized_find!(args[:project_path])

        result = create_project(project)
-
        return { project: nil, errors: [result[:message]] } if result[:status] == :error

        {

--- a/ee/spec/requests/api/graphql/mutations/security_policy/assign_security_policy_project_spec.rb
+++ b/ee/spec/requests/api/graphql/mutations/security_policy/assign_security_policy_project_spec.rb
+# frozen_string_literal: true
+
+require 'spec_helper'
+
+RSpec.describe 'Assigns scan execution policy project to a project' do
+  include GraphqlHelpers
+
+  let_it_be_with_refind(:owner) { create(:user) }
+  let_it_be_with_refind(:user) { create(:user) }
+  let_it_be_with_refind(:project) { create(:project, namespace: owner.namespace) }
+  let_it_be_with_refind(:policy_project) { create(:project) }
+  let_it_be_with_refind(:policy_project_id) { GitlabSchema.id_from_object(policy_project) }
+
+  let(:current_user) { owner }
+
+  subject { post_graphql_mutation(mutation, current_user: current_user) }
+
+  def mutation
+    variables = { project_path: project.full_path, security_policy_project_id: policy_project_id.to_s }
+
+    graphql_mutation(:security_policy_project_assign, variables) do
+      <<-QL.strip_heredoc
+        errors
+      QL
+    end
+  end
+
+  def mutation_response
+    graphql_mutation_response(:security_policy_project_assign)
+  end
+
+  context 'when licensed feature is available' do
+    before do
+      stub_licensed_features(security_orchestration_policies: true)
+    end
+
+    context 'when user is an owner of the project' do
+      it 'assigns the security policy project', :aggregate_failures do
+        subject
+
+        orchestration_policy_configuration = project.security_orchestration_policy_configuration
+
+        expect(response).to have_gitlab_http_status(:success)
+        expect(mutation_response['errors']).to be_empty
+        expect(orchestration_policy_configuration.security_policy_management_project).to eq(policy_project)
+      end
+    end
+
+    context 'when user is not an owner' do
+      let(:current_user) { user }
+
+      before do
+        project.add_maintainer(user)
+      end
+
+      it_behaves_like 'a mutation that returns top-level errors',
+                errors: [Gitlab::Graphql::Authorize::AuthorizeResource::RESOURCE_ACCESS_ERROR]
+    end
+
+    context 'when policy_project_id is invalid' do
+      let_it_be_with_refind(:policy_project_id) { "gid://gitlab/Project/#{non_existing_record_id}" }
+
+      it_behaves_like 'a mutation that returns top-level errors',
+                  errors: [Gitlab::Graphql::Authorize::AuthorizeResource::RESOURCE_ACCESS_ERROR]
+    end
+  end
+
+  context 'when feature is not licensed' do
+    before do
+      stub_licensed_features(security_orchestration_policies: false)
+    end
+
+    it_behaves_like 'a mutation that returns top-level errors',
+                errors: [Gitlab::Graphql::Authorize::AuthorizeResource::RESOURCE_ACCESS_ERROR]
+  end
+end
--- a/ee/spec/requests/api/graphql/mutations/security_policy/create_security_policy_project_spec.rb
+++ b/ee/spec/requests/api/graphql/mutations/security_policy/create_security_policy_project_spec.rb
+# frozen_string_literal: true
+
+require 'spec_helper'
+
+RSpec.describe 'Creates and assigns scan execution policy project to a project' do
+  include GraphqlHelpers
+
+  let_it_be_with_refind(:owner) { create(:user) }
+  let_it_be_with_refind(:user) { create(:user) }
+  let_it_be_with_refind(:project) { create(:project, namespace: owner.namespace) }
+
+  let(:current_user) { owner }
+
+  subject { post_graphql_mutation(mutation, current_user: current_user) }
+
+  def mutation
+    variables = { project_path: project.full_path }
+
+    graphql_mutation(:security_policy_project_create, variables) do
+      <<-QL.strip_heredoc
+        project {
+          id
+          name
+        }
+        errors
+      QL
+    end
+  end
+
+  def mutation_response
+    graphql_mutation_response(:security_policy_project_create)
+  end
+
+  context 'when licensed feature is available' do
+    before do
+      # TODO: investigate too many qeuries issue as part of Project Management Database and Query Performance
+      # Epic: https://gitlab.com/groups/gitlab-org/-/epics/5804
+      # Issue: https://gitlab.com/gitlab-org/gitlab/-/issues/348344
+      stub_const('Gitlab::QueryLimiting::Transaction::THRESHOLD', 130)
+      stub_licensed_features(security_orchestration_policies: true)
+    end
+
+    context 'when user is an owner of the project' do
+      it 'creates and assigns the security policy project', :aggregate_failures do
+        expect { subject }.to change { ::Project.count }.by(1)
+
+        orchestration_policy_configuration = project.security_orchestration_policy_configuration
+
+        expect(response).to have_gitlab_http_status(:success)
+        expect(mutation_response['errors']).to be_empty
+        expect(mutation_response.dig('project', 'id')).to eq(orchestration_policy_configuration.security_policy_management_project.to_gid.to_s)
+        expect(mutation_response.dig('project', 'name')).to eq("#{project.name} - Security policy project")
+      end
+    end
+
+    context 'when user is not an owner' do
+      let(:current_user) { user }
+
+      before do
+        project.add_maintainer(user)
+      end
+
+      it_behaves_like 'a mutation that returns top-level errors',
+                errors: [Gitlab::Graphql::Authorize::AuthorizeResource::RESOURCE_ACCESS_ERROR]
+    end
+  end
+
+  context 'when feature is not licensed' do
+    before do
+      stub_licensed_features(security_orchestration_policies: false)
+    end
+
+    it_behaves_like 'a mutation that returns top-level errors',
+                errors: [Gitlab::Graphql::Authorize::AuthorizeResource::RESOURCE_ACCESS_ERROR]
+  end
+end
--- a/ee/spec/requests/api/graphql/mutations/security_policy/unassign_security_policy_project_spec.rb
+++ b/ee/spec/requests/api/graphql/mutations/security_policy/unassign_security_policy_project_spec.rb
+# frozen_string_literal: true
+
+require 'spec_helper'
+
+RSpec.describe 'Unassigns scan execution policy project from a project' do
+  include GraphqlHelpers
+
+  let_it_be_with_refind(:owner) { create(:user) }
+  let_it_be_with_refind(:user) { create(:user) }
+  let_it_be_with_refind(:project) { create(:project, namespace: owner.namespace) }
+
+  let(:current_user) { owner }
+
+  subject { post_graphql_mutation(mutation, current_user: current_user) }
+
+  def mutation
+    variables = { project_path: project.full_path }
+
+    graphql_mutation(:security_policy_project_unassign, variables) do
+      <<-QL.strip_heredoc
+        errors
+      QL
+    end
+  end
+
+  def mutation_response
+    graphql_mutation_response(:security_policy_project_unassign)
+  end
+
+  context 'when licensed feature is available' do
+    before do
+      stub_licensed_features(security_orchestration_policies: true)
+    end
+
+    context 'when user is an owner of the project' do
+      context 'when there is no security policy project assigned to the project' do
+        it 'unassigns the security policy project', :aggregate_failures do
+          expect { subject }.not_to change { ::Security::OrchestrationPolicyConfiguration.count }
+
+          expect(response).to have_gitlab_http_status(:success)
+          expect(mutation_response['errors']).to eq(["Policy project doesn't exist"])
+        end
+      end
+
+      context 'when security policy project is assigned to the project' do
+        let!(:security_policy_management_project) { create(:project, :repository, namespace: current_user.namespace) }
+        let!(:policy_configuration) { create(:security_orchestration_policy_configuration, project: project, security_policy_management_project: security_policy_management_project) }
+
+        it 'unassigns the security policy project', :aggregate_failures do
+          expect { subject }.to change { ::Security::OrchestrationPolicyConfiguration.count }.by(-1)
+
+          expect(response).to have_gitlab_http_status(:success)
+          expect(mutation_response['errors']).to be_empty
+        end
+      end
+    end
+
+    context 'when user is not an owner' do
+      let(:current_user) { user }
+
+      before do
+        project.add_maintainer(user)
+      end
+
+      it_behaves_like 'a mutation that returns top-level errors',
+                errors: [Gitlab::Graphql::Authorize::AuthorizeResource::RESOURCE_ACCESS_ERROR]
+    end
+  end
+
+  context 'when feature is not licensed' do
+    before do
+      stub_licensed_features(security_orchestration_policies: false)
+    end
+
+    it_behaves_like 'a mutation that returns top-level errors',
+                errors: [Gitlab::Graphql::Authorize::AuthorizeResource::RESOURCE_ACCESS_ERROR]
+  end
+end