Add query for projects selected for instance security dashboard

Add ability in GraphQL API to query projects added in Instance Security Dashboard.

Add query for projects selected for instance security dashboard
Add ability in GraphQL API to query projects added in Instance Security Dashboard.
9f67451c · Alan (Maciej) Paruszewski · charlie ablett · 0770ce89 · 9f67451c · 9f67451c
Commit 9f67451c authored May 07, 2020 by Alan (Maciej) Paruszewski Committed by charlie ablett May 07, 2020
16 changed files
--- a/doc/api/graphql/reference/gitlab_schema.graphql
+++ b/doc/api/graphql/reference/gitlab_schema.graphql
@@ -4319,6 +4319,33 @@ enum HealthStatus {
  onTrack
 }

+type InstanceSecurityDashboard {
+  """
+  Projects selected in Instance Security Dashboard
+  """
+  projects(
+    """
+    Returns the elements in the list that come after the specified cursor.
+    """
+    after: String
+
+    """
+    Returns the elements in the list that come before the specified cursor.
+    """
+    before: String
+
+    """
+    Returns the first _n_ elements from the list.
+    """
+    first: Int
+
+    """
+    Returns the last _n_ elements from the list.
+    """
+    last: Int
+  ): ProjectConnection!
+}
+
 """
 State of a GitLab issue or merge request
 """
@@ -8021,6 +8048,11 @@ type Query {
    fullPath: ID!
  ): Group

+  """
+  Fields related to Instance Security Dashboard
+  """
+  instanceSecurityDashboard: InstanceSecurityDashboard
+
  """
  Metadata about GitLab
  """

--- a/doc/api/graphql/reference/gitlab_schema.json
+++ b/doc/api/graphql/reference/gitlab_schema.json
@@ -12025,6 +12025,76 @@
          "enumValues": null,
          "possibleTypes": null
        },
+        {
+          "kind": "OBJECT",
+          "name": "InstanceSecurityDashboard",
+          "description": null,
+          "fields": [
+            {
+              "name": "projects",
+              "description": "Projects selected in Instance Security Dashboard",
+              "args": [
+                {
+                  "name": "after",
+                  "description": "Returns the elements in the list that come after the specified cursor.",
+                  "type": {
+                    "kind": "SCALAR",
+                    "name": "String",
+                    "ofType": null
+                  },
+                  "defaultValue": null
+                },
+                {
+                  "name": "before",
+                  "description": "Returns the elements in the list that come before the specified cursor.",
+                  "type": {
+                    "kind": "SCALAR",
+                    "name": "String",
+                    "ofType": null
+                  },
+                  "defaultValue": null
+                },
+                {
+                  "name": "first",
+                  "description": "Returns the first _n_ elements from the list.",
+                  "type": {
+                    "kind": "SCALAR",
+                    "name": "Int",
+                    "ofType": null
+                  },
+                  "defaultValue": null
+                },
+                {
+                  "name": "last",
+                  "description": "Returns the last _n_ elements from the list.",
+                  "type": {
+                    "kind": "SCALAR",
+                    "name": "Int",
+                    "ofType": null
+                  },
+                  "defaultValue": null
+                }
+              ],
+              "type": {
+                "kind": "NON_NULL",
+                "name": null,
+                "ofType": {
+                  "kind": "OBJECT",
+                  "name": "ProjectConnection",
+                  "ofType": null
+                }
+              },
+              "isDeprecated": false,
+              "deprecationReason": null
+            }
+          ],
+          "inputFields": null,
+          "interfaces": [
+
+          ],
+          "enumValues": null,
+          "possibleTypes": null
+        },
        {
          "kind": "SCALAR",
          "name": "Int",
@@ -23715,6 +23785,20 @@
              "isDeprecated": false,
              "deprecationReason": null
            },
+            {
+              "name": "instanceSecurityDashboard",
+              "description": "Fields related to Instance Security Dashboard",
+              "args": [
+
+              ],
+              "type": {
+                "kind": "OBJECT",
+                "name": "InstanceSecurityDashboard",
+                "ofType": null
+              },
+              "isDeprecated": false,
+              "deprecationReason": null
+            },
            {
              "name": "metadata",
              "description": "Metadata about GitLab",

--- a/ee/app/graphql/ee/types/mutation_type.rb
+++ b/ee/app/graphql/ee/types/mutation_type.rb
@@ -18,7 +18,7 @@ module EE
        mount_mutation ::Mutations::Requirements::Update
        mount_mutation ::Mutations::Vulnerabilities::Dismiss
        mount_mutation ::Mutations::Boards::Lists::UpdateLimitMetrics
-        mount_mutation ::Mutations::SecurityDashboard::AddProject
+        mount_mutation ::Mutations::InstanceSecurityDashboard::AddProject
      end
    end
  end

--- a/ee/app/graphql/ee/types/query_type.rb
+++ b/ee/app/graphql/ee/types/query_type.rb
@@ -24,6 +24,11 @@ module EE
              resolver: Resolvers::Geo::GeoNodeResolver,
              description: 'Find a Geo node'

+        field :instance_security_dashboard, ::Types::InstanceSecurityDashboardType,
+              null: true,
+              resolver: Resolvers::InstanceSecurityDashboardResolver,
+              description: 'Fields related to Instance Security Dashboard'
+
        def design_management
          DesignManagementObject.new(nil)
        end

--- a/ee/app/graphql/mutations/security_dashboard/add_project.rb
+++ b/ee/app/graphql/mutations/security_dashboard/add_project.rb
 # frozen_string_literal: true

 module Mutations
-  module SecurityDashboard
+  module InstanceSecurityDashboard
    class AddProject < BaseMutation
      graphql_name 'AddProjectToSecurityDashboard'


--- a/ee/app/graphql/resolvers/instance_security_dashboard/projects_resolver.rb
+++ b/ee/app/graphql/resolvers/instance_security_dashboard/projects_resolver.rb
+# frozen_string_literal: true
+
+module Resolvers
+  module InstanceSecurityDashboard
+    class ProjectsResolver < BaseResolver
+      type ::Types::ProjectType, null: true
+
+      alias_method :dashboard, :object
+
+      def resolve(**args)
+        dashboard&.projects
+      end
+    end
+  end
+end
--- a/ee/app/graphql/resolvers/instance_security_dashboard_resolver.rb
+++ b/ee/app/graphql/resolvers/instance_security_dashboard_resolver.rb
+# frozen_string_literal: true
+
+module Resolvers
+  class InstanceSecurityDashboardResolver < BaseResolver
+    type ::Types::InstanceSecurityDashboardType, null: true
+
+    def resolve(**args)
+      ::InstanceSecurityDashboard.new(current_user)
+    end
+  end
+end
--- a/ee/app/graphql/resolvers/vulnerabilities_resolver.rb
+++ b/ee/app/graphql/resolvers/vulnerabilities_resolver.rb
@@ -38,7 +38,7 @@ module Resolvers

      strong_memoize(:vulnerable) do
        if resolve_vulnerabilities_for_instance_security_dashboard?
-          InstanceSecurityDashboard.new(current_user)
+          ::InstanceSecurityDashboard.new(current_user)
        elsif object.respond_to?(:sync)
          object.sync
        else

--- a/ee/app/graphql/types/instance_security_dashboard_type.rb
+++ b/ee/app/graphql/types/instance_security_dashboard_type.rb
+# frozen_string_literal: true
+
+module Types
+  class InstanceSecurityDashboardType < BaseObject
+    graphql_name 'InstanceSecurityDashboard'
+
+    authorize :read_instance_security_dashboard
+
+    field :projects,
+          Types::ProjectType.connection_type,
+          null: false,
+          authorize: :read_project,
+          description: 'Projects selected in Instance Security Dashboard'
+  end
+end
--- a/ee/changelogs/unreleased/214583-add-ability-to-query-security-dashboard-projects.yml
+++ b/ee/changelogs/unreleased/214583-add-ability-to-query-security-dashboard-projects.yml
+---
+title: Add GraphQL query for Instance Security Dashboard projects
+merge_request: 30064
+author:
+type: added
--- a/ee/spec/graphql/mutations/security_dashboard/add_project_spec.rb
+++ b/ee/spec/graphql/mutations/security_dashboard/add_project_spec.rb
 # frozen_string_literal: true
 require 'spec_helper'

-describe Mutations::SecurityDashboard::AddProject do
+describe Mutations::InstanceSecurityDashboard::AddProject do
  let(:mutation) { described_class.new(object: nil, context: { current_user: current_user }, field: nil) }

  describe '#resolve' do

--- a/ee/spec/graphql/resolvers/instance_security_dashboard/projects_resolver_spec.rb
+++ b/ee/spec/graphql/resolvers/instance_security_dashboard/projects_resolver_spec.rb
+# frozen_string_literal: true
+
+require 'spec_helper'
+
+describe Resolvers::InstanceSecurityDashboard::ProjectsResolver do
+  include GraphqlHelpers
+
+  describe '#resolve' do
+    subject { resolve(described_class, obj: object, ctx: { current_user: user }) }
+
+    let_it_be(:project) { create(:project) }
+    let_it_be(:user) { create(:user, security_dashboard_projects: [project]) }
+
+    context 'when provided object is InstanceSecurityDashboard' do
+      let(:object) { InstanceSecurityDashboard.new(user) }
+
+      it { is_expected.to eq(object.projects) }
+    end
+
+    context 'when object is not provided' do
+      let(:object) { nil }
+
+      it { is_expected.to be_nil }
+    end
+  end
+end
--- a/ee/spec/graphql/resolvers/instance_security_dashboard_resolver_spec.rb
+++ b/ee/spec/graphql/resolvers/instance_security_dashboard_resolver_spec.rb
+# frozen_string_literal: true
+
+require 'spec_helper'
+
+describe Resolvers::InstanceSecurityDashboardResolver do
+  include GraphqlHelpers
+
+  describe '#resolve' do
+    subject(:instance_security_dashboard) { resolve(described_class, ctx: { current_user: current_user }) }
+
+    let_it_be(:current_user) { create(:user) }
+
+    it { is_expected.to be_a(InstanceSecurityDashboard) }
+  end
+end
--- a/ee/spec/graphql/types/instance_security_dashboard_type_spec.rb
+++ b/ee/spec/graphql/types/instance_security_dashboard_type_spec.rb
+# frozen_string_literal: true
+
+require 'spec_helper'
+
+describe GitlabSchema.types['InstanceSecurityDashboard'] do
+  let_it_be(:project) { create(:project) }
+  let_it_be(:other_project) { create(:project) }
+  let_it_be(:user) { create(:user, security_dashboard_projects: [project]) }
+
+  let(:fields) do
+    %i[projects]
+  end
+
+  before do
+    project.add_developer(user)
+    other_project.add_developer(user)
+
+    stub_licensed_features(security_dashboard: true)
+  end
+
+  let(:result) { GitlabSchema.execute(query, context: { current_user: current_user }).as_json }
+
+  specify { expect(described_class).to have_graphql_fields(fields) }
+
+  describe 'projects' do
+    let(:query) do
+      %(
+        query {
+          instanceSecurityDashboard {
+            projects {
+              nodes {
+                id
+              }
+            }
+          }
+        }
+      )
+    end
+
+    subject(:projects) { result.dig('data', 'instanceSecurityDashboard', 'projects') }
+
+    context 'when user is not logged in' do
+      let(:current_user) { nil }
+
+      it { is_expected.to be_nil }
+    end
+
+    context 'when user is logged in' do
+      let(:current_user) { user }
+
+      it 'is a list of projects configured for instance security dashboard' do
+        project_ids = projects['nodes'].pluck('id')
+
+        expect(project_ids).to eq [GitlabSchema.id_from_object(project).to_s]
+      end
+    end
+  end
+end
--- a/ee/spec/graphql/types/query_type_spec.rb
+++ b/ee/spec/graphql/types/query_type_spec.rb
@@ -7,7 +7,8 @@ describe GitlabSchema.types['Query'] do
    expect(described_class).to have_graphql_fields(
      :design_management,
      :geo_node,
-      :vulnerabilities
+      :vulnerabilities,
+      :instance_security_dashboard
    ).at_least
  end
 end
--- a/ee/spec/requests/api/graphql/instance_security_dashboard_spec.rb
+++ b/ee/spec/requests/api/graphql/instance_security_dashboard_spec.rb
+# frozen_string_literal: true
+
+require 'spec_helper'
+
+describe 'Query.instanceSecurityDashboard.projects' do
+  include GraphqlHelpers
+
+  let_it_be(:project) { create(:project) }
+  let_it_be(:other_project) { create(:project) }
+  let_it_be(:user) { create(:user, security_dashboard_projects: [project]) }
+
+  let(:current_user) { user }
+
+  before do
+    project.add_developer(user)
+    other_project.add_developer(user)
+
+    stub_licensed_features(security_dashboard: true)
+  end
+
+  let(:fields) do
+    <<~QUERY
+    nodes {
+      id
+    }
+    QUERY
+  end
+
+  let(:query) do
+    graphql_query_for('instanceSecurityDashboard', nil, query_graphql_field('projects', {}, fields))
+  end
+
+  subject(:projects) { graphql_data.dig('instanceSecurityDashboard', 'projects', 'nodes') }
+
+  context 'with logged in user' do
+    it_behaves_like 'a working graphql query' do
+      before do
+        post_graphql(query, current_user: current_user)
+      end
+
+      it 'finds only projects that were added to instance security dashboard' do
+        expect(projects).to eq([{ "id" => GitlabSchema.id_from_object(project).to_s }])
+      end
+    end
+  end
+
+  context 'with no user' do
+    let(:current_user) { nil }
+
+    it_behaves_like 'a working graphql query' do
+      before do
+        post_graphql(query, current_user: current_user)
+      end
+
+      it { is_expected.to be_nil }
+    end
+  end
+end