Fix configuration issue for License Compliance

dd6fdbe0 · Tetiana Chupryna · Robert Speicher · fb46b18b · dd6fdbe0 · dd6fdbe0
Commit dd6fdbe0 authored Mar 17, 2020 by Tetiana Chupryna Committed by Robert Speicher Mar 17, 2020
5 changed files
--- a/ee/app/finders/security/license_management_jobs_finder.rb
+++ b/ee/app/finders/security/license_management_jobs_finder.rb
@@ -12,7 +12,7 @@
 module Security
  class LicenseManagementJobsFinder < JobsFinder
    def self.allowed_job_types
-      [:license_management]
+      [:license_management, :license_scanning]
    end
  end
 end
--- a/ee/app/presenters/projects/security/configuration_presenter.rb
+++ b/ee/app/presenters/projects/security/configuration_presenter.rb
@@ -12,6 +12,7 @@ module Projects
        dast: _('Analyze a review version of your web application.'),
        dependency_scanning: _('Analyze your dependencies for known vulnerabilities.'),
        license_management: _('Search your project dependencies for their licenses and apply policies.'),
+        license_scanning: _('Search your project dependencies for their licenses and apply policies.'),
        sast: _('Analyze your source code for known vulnerabilities.')
      }.freeze
@@ -20,6 +21,7 @@ module Projects
        dast: 'user/application_security/dast/index',
        dependency_scanning: 'user/application_security/dependency_scanning/index',
        license_management: 'user/application_security/license_compliance/index',
+        license_scanning: 'user/application_security/license_compliance/index',
        sast: 'user/application_security/sast/index'
      }.freeze
@@ -27,7 +29,8 @@ module Projects
        container_scanning: _('Container Scanning'),
        dast: _('Dynamic Application Security Testing (DAST)'),
        dependency_scanning: _('Dependency Scanning'),
-        license_management: _('License Compliance'),
+        license_management: 'License Management',
+        license_scanning: _('License Compliance'),
        sast: _('Static Application Security Testing (SAST)')
      }.freeze
@@ -44,7 +47,7 @@ module Projects
      private
      def features
-        scan_types.map do |scan_type|
+        scans = scan_types.map do |scan_type|
          if auto_devops_source?
            scan(scan_type, configured: true)
          elsif latest_builds_reports.include?(scan_type)
@@ -53,6 +56,9 @@ module Projects
            scan(scan_type, configured: false)
          end
        end
+        # TODO: remove this line with #8912
+        license_compliance_substitute(scans)
      end
      def latest_builds_reports
@@ -84,6 +90,25 @@ module Projects
        project_pipeline_path(self, latest_default_branch_pipeline)
      end
+      # In this method we define if License Compliance feature is configured
+      # by looking into `license_scanning` and `license_management` reports
+      # in 13.0 support for `license_management` report type is scheduled to be dropped.
+      # With this change we won't need this method anymore.
+      def license_compliance_substitute(scans)
+        license_management = scans.find { |scan_type| scan_type[:name] == SCAN_NAMES[:license_management] }
+        license_compliance_config = license_management.fetch(:configured, false)
+        scans.delete(license_management)
+        if license_compliance_config
+          scans.map do |scan_type|
+            scan_type[:configured] = true if scan_type[:name] == _('License Compliance')
+          end
+        end
+        scans
+      end
      def scan(type, configured: false)
        {
          configured: configured,

--- a/ee/changelogs/unreleased/209810-license-compliance-configuration.yml
+++ b/ee/changelogs/unreleased/209810-license-compliance-configuration.yml
+---
+title: Fix configuration issue for License Compliance
+merge_request: 27016
+author:
+type: fixed
--- a/ee/spec/presenters/projects/security/configuration_presenter_spec.rb
+++ b/ee/spec/presenters/projects/security/configuration_presenter_spec.rb
@@ -42,7 +42,7 @@ describe Projects::Security::ConfigurationPresenter do
          security_scan(:sast, configured: true),
          security_scan(:container_scanning, configured: true),
          security_scan(:dependency_scanning, configured: true),
-          security_scan(:license_management, configured: true)
+          security_scan(:license_scanning, configured: true)
        )
      end
    end
@@ -62,7 +62,7 @@ describe Projects::Security::ConfigurationPresenter do
          security_scan(:sast, configured: false),
          security_scan(:container_scanning, configured: false),
          security_scan(:dependency_scanning, configured: false),
-          security_scan(:license_management, configured: false)
+          security_scan(:license_scanning, configured: false)
        )
      end
    end
@@ -88,7 +88,7 @@ describe Projects::Security::ConfigurationPresenter do
          security_scan(:sast, configured: true),
          security_scan(:container_scanning, configured: false),
          security_scan(:dependency_scanning, configured: false),
-          security_scan(:license_management, configured: false)
+          security_scan(:license_scanning, configured: false)
        )
      end
@@ -102,7 +102,7 @@ describe Projects::Security::ConfigurationPresenter do
          security_scan(:sast, configured: true),
          security_scan(:container_scanning, configured: false),
          security_scan(:dependency_scanning, configured: false),
-          security_scan(:license_management, configured: false)
+          security_scan(:license_scanning, configured: false)
        )
      end
@@ -122,7 +122,19 @@ describe Projects::Security::ConfigurationPresenter do
          security_scan(:sast, configured: true),
          security_scan(:container_scanning, configured: false),
          security_scan(:dependency_scanning, configured: false),
-          security_scan(:license_management, configured: false)
+          security_scan(:license_scanning, configured: false)
+        )
+      end
+      it 'detect new license compliance job' do
+        create(:ci_build, :license_scanning, pipeline: pipeline)
+        expect(JSON.parse(subject[:features])).to contain_exactly(
+          security_scan(:dast, configured: true),
+          security_scan(:sast, configured: true),
+          security_scan(:container_scanning, configured: false),
+          security_scan(:dependency_scanning, configured: false),
+          security_scan(:license_scanning, configured: true)
        )
      end

--- a/spec/factories/ci/builds.rb
+++ b/spec/factories/ci/builds.rb
@@ -355,6 +355,8 @@ FactoryBot.define do
      options { {} }
    end
+    # TODO: move Security traits to ee_ci_build
+    # https://gitlab.com/gitlab-org/gitlab/-/issues/210486
    trait :dast do
      options do
        {
@@ -395,6 +397,14 @@ FactoryBot.define do
      end
    end
+    trait :license_scanning do
+      options do
+        {
+          artifacts: { reports: { license_management: 'gl-license-scanning-report.json' } }
+        }
+      end
+    end
    trait :non_playable do
      status { 'created' }
      self.when { 'manual' }