Commit b7d76560 authored by rossfuhrman's avatar rossfuhrman Committed by Mayra Cabrera

Add rails app code for revocation API access

Add rails application configuration providing access to revocation API
parent 96bb773e
......@@ -415,6 +415,7 @@ class ApplicationSetting < ApplicationRecord
attr_encrypted :slack_app_secret, encryption_options_base_truncated_aes_256_gcm
attr_encrypted :slack_app_verification_token, encryption_options_base_truncated_aes_256_gcm
attr_encrypted :ci_jwt_signing_key, encryption_options_base_truncated_aes_256_gcm
attr_encrypted :secret_detection_token_revocation_token, encryption_options_base_truncated_aes_256_gcm
before_validation :ensure_uuid!
......
......@@ -58,6 +58,9 @@ module EE
:pseudonymizer_enabled,
:repository_size_limit,
:seat_link_enabled,
:secret_detection_token_revocation_enabled,
:secret_detection_token_revocation_url,
:secret_detection_token_revocation_token,
:shared_runners_minutes,
:slack_app_enabled,
:slack_app_id,
......
......@@ -147,6 +147,9 @@ module EE
pseudonymizer_enabled: false,
repository_size_limit: 0,
seat_link_enabled: Settings.gitlab['seat_link_enabled'],
secret_detection_token_revocation_enabled: false,
secret_detection_token_revocation_url: nil,
secret_detection_token_revocation_token: nil,
slack_app_enabled: false,
slack_app_id: nil,
slack_app_secret: nil,
......
---
title: Add app code for secret detection token revocation
merge_request: 46337
author:
type: added
......@@ -30,6 +30,11 @@ module EE
optional :elasticsearch_project_ids, type: Array[Integer], coerce_with: ::API::Validations::Types::CommaSeparatedToIntegerArray.coerce, desc: 'The project ids to index with Elasticsearch.'
end
optional :secret_detection_token_revocation_enabled, type: ::Grape::API::Boolean, desc: 'Enable Secret Detection Token Revocation'
given secret_detection_token_revocation_enabled: ->(val) { val } do
requires :secret_detection_token_revocation_url, type: String, desc: 'The configured Secret Detection Token Revocation instance URL'
end
optional :email_additional_text, type: String, desc: 'Additional text added to the bottom of every email for legal/auditing/compliance reasons'
optional :default_project_deletion_protection, type: Grape::API::Boolean, desc: 'Disable project owners ability to delete project'
optional :deletion_adjourned_period, type: Integer, desc: 'Number of days between marking project as deleted and actual removal'
......
......@@ -67,6 +67,31 @@ RSpec.describe API::Settings, 'EE Settings' do
expect(ElasticsearchIndexedProject.count).to eq(1)
end
end
context 'secret_detection_token_revocation_enabled is true' do
context 'secret_detection_token_revocation_url value is present' do
it 'updates secret_detection_token_revocation_url' do
put api('/application/settings', admin),
params: {
secret_detection_token_revocation_enabled: true,
secret_detection_token_revocation_url: 'https://example.com/secret_detection_token_revocation'
}
expect(response).to have_gitlab_http_status(:ok)
expect(json_response['secret_detection_token_revocation_enabled']).to be(true)
expect(json_response['secret_detection_token_revocation_url']).to eq('https://example.com/secret_detection_token_revocation')
end
end
context 'missing secret_detection_token_revocation_url value' do
it 'returns a blank parameter error message' do
put api('/application/settings', admin), params: { secret_detection_token_revocation_enabled: true }
expect(response).to have_gitlab_http_status(:bad_request)
expect(json_response['error']).to include('secret_detection_token_revocation_url is missing')
end
end
end
end
shared_examples 'settings for licensed features' do
......
......@@ -22,6 +22,7 @@ RSpec.describe API::Settings, 'Settings' do
expect(json_response['default_ci_config_path']).to be_nil
expect(json_response['sourcegraph_enabled']).to be_falsey
expect(json_response['sourcegraph_url']).to be_nil
expect(json_response['secret_detection_token_revocation_url']).to be_nil
expect(json_response['sourcegraph_public_only']).to be_truthy
expect(json_response['default_project_visibility']).to be_a String
expect(json_response['default_snippet_visibility']).to be_a String
......
Markdown is supported
0%
or
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment