Create new DAST profiles routes

Created new routes to access DAST profiles management through the Security Configuration namespace

Create new DAST profiles routes
Created new routes to access DAST profiles management through the Security Configuration namespace
b7c2645a · Paul Gascou-Vaillancourt · da0c0f0b · b7c2645a · b7c2645a · b7c2645a
Commit b7c2645a authored Sep 17, 2020 by Paul Gascou-Vaillancourt
25 changed files
--- a/ee/app/assets/javascripts/pages/projects/security/dast_profiles/index.js
+++ b/ee/app/assets/javascripts/pages/projects/security/dast_profiles/index.js
+import initDastProfiles from 'ee/dast_profiles/dast_profiles_bundle';
+document.addEventListener('DOMContentLoaded', initDastProfiles);
--- a/ee/app/assets/javascripts/pages/projects/security/dast_scanner_profiles/edit/index.js
+++ b/ee/app/assets/javascripts/pages/projects/security/dast_scanner_profiles/edit/index.js
+import initDastScannerProfileForm from 'ee/dast_scanner_profiles/dast_scanner_profiles_bundle';
+document.addEventListener('DOMContentLoaded', initDastScannerProfileForm);
--- a/ee/app/assets/javascripts/pages/projects/security/dast_scanner_profiles/new/index.js
+++ b/ee/app/assets/javascripts/pages/projects/security/dast_scanner_profiles/new/index.js
+import initDastScannerProfileForm from 'ee/dast_scanner_profiles/dast_scanner_profiles_bundle';
+document.addEventListener('DOMContentLoaded', initDastScannerProfileForm);
--- a/ee/app/assets/javascripts/pages/projects/security/dast_site_profiles/edit/index.js
+++ b/ee/app/assets/javascripts/pages/projects/security/dast_site_profiles/edit/index.js
+import initDastSiteProfileForm from 'ee/dast_site_profiles_form';
+document.addEventListener('DOMContentLoaded', initDastSiteProfileForm);
--- a/ee/app/assets/javascripts/pages/projects/security/dast_site_profiles/new/index.js
+++ b/ee/app/assets/javascripts/pages/projects/security/dast_site_profiles/new/index.js
+import initDastSiteProfileForm from 'ee/dast_site_profiles_form';
+document.addEventListener('DOMContentLoaded', initDastSiteProfileForm);
--- a/ee/app/controllers/projects/dast_profiles_controller.rb
+++ b/ee/app/controllers/projects/dast_profiles_controller.rb
@@ -7,7 +7,7 @@ module Projects
      push_frontend_feature_flag(:security_on_demand_scans_scanner_profiles, project, default_enabled: true)
    end
-    def index
+    def show
    end
  end
 end
--- a/ee/app/controllers/projects/security/dast_profiles_controller.rb
+++ b/ee/app/controllers/projects/security/dast_profiles_controller.rb
+# frozen_string_literal: true
+module Projects
+  module Security
+    class DastProfilesController < Projects::ApplicationController
+      before_action :authorize_read_on_demand_scans!
+      before_action do
+        push_frontend_feature_flag(:security_on_demand_scans_scanner_profiles, project, default_enabled: true)
+      end
+      def show
+      end
+    end
+  end
+end
--- a/ee/app/controllers/projects/security/dast_scanner_profiles_controller.rb
+++ b/ee/app/controllers/projects/security/dast_scanner_profiles_controller.rb
+# frozen_string_literal: true
+module Projects
+  module Security
+    class DastScannerProfilesController < Projects::ApplicationController
+      before_action :authorize_read_on_demand_scans!
+      def new
+      end
+      def edit
+        @scanner_profile = @project
+          .dast_scanner_profiles
+          .find(params[:id])
+      end
+    end
+  end
+end
--- a/ee/app/controllers/projects/security/dast_site_profiles_controller.rb
+++ b/ee/app/controllers/projects/security/dast_site_profiles_controller.rb
+# frozen_string_literal: true
+module Projects
+  module Security
+    class DastSiteProfilesController < Projects::ApplicationController
+      before_action do
+        authorize_read_on_demand_scans!
+        push_frontend_feature_flag(:security_on_demand_scans_site_validation, @project)
+      end
+      def new
+      end
+      def edit
+        @site_profile = DastSiteProfilesFinder.new(project_id: @project.id, id: params[:id]).execute.first! # rubocop: disable CodeReuse/ActiveRecord
+      end
+    end
+  end
+end
--- a/ee/app/views/projects/dast_profiles/index.html.haml
+++ b/ee/app/views/projects/dast_profiles/index.html.haml
--- a/ee/app/views/projects/security/dast_profiles/show.html.haml
+++ b/ee/app/views/projects/security/dast_profiles/show.html.haml
+- add_to_breadcrumbs _('Security Configuration'), project_security_configuration_path(@project)
+- breadcrumb_title s_('DastProfiles|Manage profiles')
+- page_title s_('DastProfiles|Manage profiles')
+.js-dast-profiles{ data: { new_dast_site_profile_path: new_project_security_configuration_dast_profiles_dast_site_profile_path(@project),
+  new_dast_scanner_profile_path: new_project_security_configuration_dast_profiles_dast_scanner_profile_path(@project),
+  project_full_path: @project.path_with_namespace } }
--- a/ee/app/views/projects/security/dast_scanner_profiles/edit.html.haml
+++ b/ee/app/views/projects/security/dast_scanner_profiles/edit.html.haml
+- add_to_breadcrumbs _('Security Configuration'), project_security_configuration_path(@project)
+- add_to_breadcrumbs s_('DastProfiles|Manage profiles'), project_security_configuration_dast_profiles_path(@project, anchor: 'scanner-profiles')
+- breadcrumb_title s_('DastProfiles|Edit scanner profile')
+- page_title s_('DastProfiles|Edit scanner profile')
+.js-dast-scanner-profile-form{ data: { project_full_path: @project.path_with_namespace,
+profiles_library_path: project_security_configuration_dast_profiles_path(@project, anchor: 'scanner-profiles'),
+scanner_profile: { id: @scanner_profile.to_global_id.to_s, name: @scanner_profile.name, spider_timeout: @scanner_profile.spider_timeout, target_timeout: @scanner_profile.target_timeout }.to_json } }
--- a/ee/app/views/projects/security/dast_scanner_profiles/new.html.haml
+++ b/ee/app/views/projects/security/dast_scanner_profiles/new.html.haml
+- add_to_breadcrumbs _('Security Configuration'), project_security_configuration_path(@project)
+- add_to_breadcrumbs s_('DastProfiles|Manage profiles'), project_security_configuration_dast_profiles_path(@project, anchor: 'scanner-profiles')
+- breadcrumb_title s_('DastProfiles|New scanner profile')
+- page_title s_('DastProfiles|New scanner profile')
+.js-dast-scanner-profile-form{ data: { project_full_path: @project.path_with_namespace,
+profiles_library_path: project_security_configuration_dast_profiles_path(@project, anchor: 'scanner-profiles') } }
--- a/ee/app/views/projects/security/dast_site_profiles/edit.html.haml
+++ b/ee/app/views/projects/security/dast_site_profiles/edit.html.haml
+- add_to_breadcrumbs _('Security Configuration'), project_security_configuration_path(@project)
+- add_to_breadcrumbs s_('DastProfiles|Manage profiles'), project_security_configuration_dast_profiles_path(@project, anchor: 'site-profiles')
+- breadcrumb_title s_('DastProfiles|Edit site profile')
+- page_title s_('DastProfiles|Edit site profile')
+.js-dast-site-profile-form{ data: { full_path: @project.path_with_namespace,
+profiles_library_path: project_security_configuration_dast_profiles_path(@project, anchor: 'site-profiles'),
+site_profile: { id: @site_profile.to_global_id.to_s, name: @site_profile.name, target_url: @site_profile.dast_site.url }.to_json } }
--- a/ee/app/views/projects/security/dast_site_profiles/new.html.haml
+++ b/ee/app/views/projects/security/dast_site_profiles/new.html.haml
+- add_to_breadcrumbs _('Security Configuration'), project_security_configuration_path(@project)
+- add_to_breadcrumbs s_('DastProfiles|Manage profiles'), project_security_configuration_dast_profiles_path(@project, anchor: 'site-profiles')
+- breadcrumb_title s_('DastProfiles|New site profile')
+- page_title s_('DastProfiles|New site profile')
+.js-dast-site-profile-form{ data: { full_path: @project.path_with_namespace,
+profiles_library_path: project_security_configuration_dast_profiles_path(@project, anchor: 'site-profiles') } }
--- a/ee/config/routes/project.rb
+++ b/ee/config/routes/project.rb
@@ -59,6 +59,10 @@ constraints(::Constraints::ProjectUrlConstrainer.new) do
          resource :configuration, only: [:show], controller: :configuration do
            post :auto_fix, on: :collection
            resource :sast, only: [:show, :create], controller: :sast_configuration
+            resource :dast_profiles, only: [:show], controller: :dast_profiles do
+              resources :dast_site_profiles, only: [:new, :edit]
+              resources :dast_scanner_profiles, only: [:new, :edit]
+            end
          end
          resource :discover, only: [:show], controller: :discover
@@ -93,7 +97,7 @@ constraints(::Constraints::ProjectUrlConstrainer.new) do
        scope :on_demand_scans do
          root 'on_demand_scans#index', as: 'on_demand_scans'
          scope :profiles do
-            root 'dast_profiles#index', as: 'profiles'
+            root 'dast_profiles#show', as: 'profiles'
            resources :dast_site_profiles, only: [:new, :edit]
            resources :dast_scanner_profiles, only: [:new, :edit]
          end

--- a/ee/spec/requests/projects/security/dast_profiles_controller_spec.rb
+++ b/ee/spec/requests/projects/security/dast_profiles_controller_spec.rb
+# frozen_string_literal: true
+require 'spec_helper'
+RSpec.describe Projects::Security::DastProfilesController, type: :request do
+  let(:project) { create(:project) }
+  let(:user) { create(:user) }
+  describe 'GET #index' do
+    context 'feature available' do
+      before do
+        stub_feature_flags(security_on_demand_scans_feature_flag: true)
+        stub_licensed_features(security_on_demand_scans: true)
+      end
+      context 'user authorized' do
+        before do
+          project.add_developer(user)
+          login_as(user)
+        end
+        it 'can access page' do
+          get project_security_configuration_dast_profiles_path(project)
+          expect(response).to have_gitlab_http_status(:ok)
+        end
+      end
+      context 'user not authorized' do
+        before do
+          project.add_guest(user)
+          login_as(user)
+        end
+        it 'sees a 404 error' do
+          get project_security_configuration_dast_profiles_path(project)
+          expect(response).to have_gitlab_http_status(:not_found)
+        end
+      end
+    end
+    context 'feature not available' do
+      before do
+        project.add_developer(user)
+        login_as(user)
+      end
+      context 'feature flag is disabled' do
+        it 'sees a 404 error' do
+          stub_feature_flags(security_on_demand_scans_feature_flag: false)
+          stub_licensed_features(security_on_demand_scans: true)
+          get project_security_configuration_dast_profiles_path(project)
+          expect(response).to have_gitlab_http_status(:not_found)
+        end
+      end
+      context 'license doesnt\'t support the feature' do
+        it 'sees a 404 error' do
+          stub_feature_flags(security_on_demand_scans_feature_flag: true)
+          stub_licensed_features(security_on_demand_scans: false)
+          get project_security_configuration_dast_profiles_path(project)
+          expect(response).to have_gitlab_http_status(:not_found)
+        end
+      end
+    end
+  end
+end
--- a/ee/spec/requests/projects/security/dast_scanner_profiles_controller_spec.rb
+++ b/ee/spec/requests/projects/security/dast_scanner_profiles_controller_spec.rb
+# frozen_string_literal: true
+require 'spec_helper'
+RSpec.describe Projects::Security::DastScannerProfilesController, type: :request do
+  let_it_be(:project) { create(:project) }
+  let_it_be(:user) { create(:user) }
+  let_it_be(:dast_scanner_profile) { create(:dast_scanner_profile, project: project) }
+  shared_context 'on-demand scans feature available' do
+    before do
+      stub_feature_flags(security_on_demand_scans_feature_flag: true)
+      stub_licensed_features(security_on_demand_scans: true)
+    end
+  end
+  shared_context 'user authorized' do
+    before(:all) do
+      project.add_developer(user)
+    end
+    before do
+      login_as(user)
+    end
+  end
+  shared_examples 'a GET request' do
+    context 'feature available' do
+      include_context 'on-demand scans feature available'
+      context 'user authorized' do
+        include_context 'user authorized'
+        it 'can access page' do
+          get path
+          expect(response).to have_gitlab_http_status(:ok)
+        end
+      end
+      context 'user not authorized' do
+        before do
+          project.add_guest(user)
+          login_as(user)
+        end
+        it 'sees a 404 error' do
+          get path
+          expect(response).to have_gitlab_http_status(:not_found)
+        end
+      end
+    end
+    context 'feature not available' do
+      using RSpec::Parameterized::TableSyntax
+      include_context 'user authorized'
+      where(:feature_flag_enabled, :license_support) do
+        false | true
+        true  | false
+      end
+      with_them do
+        it 'sees a 404 error' do
+          stub_feature_flags(security_on_demand_scans_feature_flag: feature_flag_enabled)
+          stub_licensed_features(security_on_demand_scans: license_support)
+          get path
+          expect(response).to have_gitlab_http_status(:not_found)
+        end
+      end
+    end
+  end
+  describe 'GET #new' do
+    it_behaves_like 'a GET request' do
+      let(:path) { new_project_security_configuration_dast_profiles_dast_scanner_profile_path(project) }
+    end
+  end
+  describe 'GET #edit' do
+    include_context 'user authorized'
+    include_context 'on-demand scans feature available'
+    let(:edit_path) { edit_project_security_configuration_dast_profiles_dast_scanner_profile_path(project, dast_scanner_profile) }
+    it_behaves_like 'a GET request' do
+      let(:path) { edit_path }
+    end
+    it 'sets scanner_profile' do
+      get edit_path
+      expect(assigns(:scanner_profile)).to eq(dast_scanner_profile)
+    end
+  end
+end
--- a/ee/spec/requests/projects/security/dast_site_profiles_controller_spec.rb
+++ b/ee/spec/requests/projects/security/dast_site_profiles_controller_spec.rb
+# frozen_string_literal: true
+require 'spec_helper'
+RSpec.describe Projects::Security::DastSiteProfilesController, type: :request do
+  let(:project) { create(:project) }
+  let(:user) { create(:user) }
+  let(:dast_site_profile) { create(:dast_site_profile, project: project) }
+  def with_feature_available
+    stub_feature_flags(security_on_demand_scans_feature_flag: true)
+    stub_licensed_features(security_on_demand_scans: true)
+  end
+  def with_user_authorized
+    project.add_developer(user)
+    login_as(user)
+  end
+  shared_examples 'a GET request' do
+    context 'feature available' do
+      before do
+        with_feature_available
+      end
+      context 'user authorized' do
+        before do
+          with_user_authorized
+        end
+        it 'can access page' do
+          get path
+          expect(response).to have_gitlab_http_status(:ok)
+        end
+      end
+      context 'user not authorized' do
+        before do
+          project.add_guest(user)
+          login_as(user)
+        end
+        it 'sees a 404 error' do
+          get path
+          expect(response).to have_gitlab_http_status(:not_found)
+        end
+      end
+    end
+    context 'feature not available' do
+      before do
+        with_user_authorized
+      end
+      context 'feature flag is disabled' do
+        it 'sees a 404 error' do
+          stub_feature_flags(security_on_demand_scans_feature_flag: false)
+          stub_licensed_features(security_on_demand_scans: true)
+          get path
+          expect(response).to have_gitlab_http_status(:not_found)
+        end
+      end
+      context 'license doesnt\'t support the feature' do
+        it 'sees a 404 error' do
+          stub_feature_flags(security_on_demand_scans_feature_flag: true)
+          stub_licensed_features(security_on_demand_scans: false)
+          get path
+          expect(response).to have_gitlab_http_status(:not_found)
+        end
+      end
+    end
+  end
+  describe 'GET #new' do
+    it_behaves_like 'a GET request' do
+      let(:path) { new_project_security_configuration_dast_profiles_dast_site_profile_path(project) }
+    end
+  end
+  describe 'GET #edit' do
+    let(:edit_path) { edit_project_security_configuration_dast_profiles_dast_site_profile_path(project, dast_site_profile) }
+    it_behaves_like 'a GET request' do
+      let(:path) { edit_path }
+    end
+  end
+end
--- a/ee/spec/views/projects/dast_profiles/index.html.haml_spec.rb
+++ b/ee/spec/views/projects/dast_profiles/index.html.haml_spec.rb
@@ -2,7 +2,7 @@
 require 'spec_helper'
-RSpec.describe "projects/dast_profiles/index", type: :view do
+RSpec.describe "projects/dast_profiles/show", type: :view do
  before do
    @project = create(:project)
    render

--- a/ee/spec/views/projects/security/dast_profiles/show.html.haml_spec.rb
+++ b/ee/spec/views/projects/security/dast_profiles/show.html.haml_spec.rb
+# frozen_string_literal: true
+require 'spec_helper'
+RSpec.describe "projects/security/dast_profiles/show", type: :view do
+  before do
+    @project = create(:project)
+    render
+  end
+  it 'renders Vue app root' do
+    expect(rendered).to have_selector('.js-dast-profiles')
+  end
+  it 'passes new dast site profile path' do
+    expect(rendered).to include '/security/configuration/dast_profiles/dast_site_profiles/new'
+  end
+  it 'passes new dast scanner profile path' do
+    expect(rendered).to include '/security/configuration/dast_profiles/dast_scanner_profiles/new'
+  end
+  it 'passes project\'s full path' do
+    expect(rendered).to include @project.path_with_namespace
+  end
+end
--- a/ee/spec/views/projects/security/dast_scanner_profiles/edit.html.haml_spec.rb
+++ b/ee/spec/views/projects/security/dast_scanner_profiles/edit.html.haml_spec.rb
+# frozen_string_literal: true
+require 'spec_helper'
+RSpec.describe "projects/security/dast_scanner_profiles/edit", type: :view do
+  let_it_be(:scanner_profile) { create(:dast_scanner_profile) }
+  let_it_be(:scanner_profile_gid) { ::URI::GID.parse("gid://gitlab/DastScannerProfile/#{scanner_profile.id}") }
+  before do
+    assign(:project, scanner_profile.project)
+    assign(:scanner_profile, scanner_profile)
+    assign(:scanner_profile_gid, scanner_profile_gid)
+    render
+  end
+  it 'renders Vue app root' do
+    expect(rendered).to have_selector('.js-dast-scanner-profile-form')
+  end
+  it 'passes project\'s full path' do
+    expect(rendered).to include scanner_profile.project.path_with_namespace
+  end
+  it 'passes DAST profiles library URL' do
+    expect(rendered).to include '/security/configuration/dast_profiles'
+  end
+  it 'passes DAST scanner profile\'s data' do
+    expect(rendered).to include scanner_profile_gid.to_s
+    expect(rendered).to include scanner_profile.name
+    expect(rendered).to include scanner_profile.spider_timeout.to_s
+    expect(rendered).to include scanner_profile.target_timeout.to_s
+  end
+end
--- a/ee/spec/views/projects/security/dast_scanner_profiles/new.html.haml_spec.rb
+++ b/ee/spec/views/projects/security/dast_scanner_profiles/new.html.haml_spec.rb
+# frozen_string_literal: true
+require 'spec_helper'
+RSpec.describe "projects/security/dast_scanner_profiles/new", type: :view do
+  before do
+    @project = create(:project)
+    render
+  end
+  it 'renders Vue app root' do
+    expect(rendered).to have_selector('.js-dast-scanner-profile-form')
+  end
+  it 'passes project\'s full path' do
+    expect(rendered).to include @project.path_with_namespace
+  end
+  it 'passes DAST profiles library URL' do
+    expect(rendered).to include '/security/configuration/dast_profiles#scanner-profiles'
+  end
+end
--- a/ee/spec/views/projects/security/dast_site_profiles/edit.html.haml_spec.rb
+++ b/ee/spec/views/projects/security/dast_site_profiles/edit.html.haml_spec.rb
+# frozen_string_literal: true
+require 'spec_helper'
+RSpec.describe "projects/security/dast_site_profiles/edit", type: :view do
+  let_it_be(:site_profile) { create(:dast_site_profile) }
+  let_it_be(:site_profile_gid) { ::URI::GID.parse("gid://gitlab/DastSiteProfile/#{site_profile.id}") }
+  before do
+    assign(:project, site_profile.project)
+    assign(:site_profile, site_profile)
+    assign(:site_profile_gid, site_profile_gid)
+    render
+  end
+  it 'renders Vue app root' do
+    expect(rendered).to have_selector('.js-dast-site-profile-form')
+  end
+  it 'passes project\'s full path' do
+    expect(rendered).to include site_profile.project.path_with_namespace
+  end
+  it 'passes DAST profiles library URL' do
+    expect(rendered).to include '/security/configuration/dast_profiles#site-profiles'
+  end
+  it 'passes DAST site profile\'s data' do
+    expect(rendered).to include site_profile_gid.to_s
+    expect(rendered).to include site_profile.name
+    expect(rendered).to include site_profile.dast_site.url
+  end
+end
--- a/ee/spec/views/projects/security/dast_site_profiles/new.html.haml_spec.rb
+++ b/ee/spec/views/projects/security/dast_site_profiles/new.html.haml_spec.rb
+# frozen_string_literal: true
+require 'spec_helper'
+RSpec.describe "projects/security/dast_site_profiles/new", type: :view do
+  before do
+    @project = create(:project)
+    render
+  end
+  it 'renders Vue app root' do
+    expect(rendered).to have_selector('.js-dast-site-profile-form')
+  end
+  it 'passes project\'s full path' do
+    expect(rendered).to include @project.path_with_namespace
+  end
+  it 'passes DAST profiles library URL' do
+    expect(rendered).to include '/security/configuration/dast_profiles#site-profiles'
+  end
+end