Create DAST site profile fixture with secrets

ee/spec/frontend/fixtures/dast_profiles.rb

@@ -7,6 +7,7 @@ RSpec.describe 'DAST profiles (GraphQL fixtures)' do
     include ApiHelpers
     include GraphqlHelpers
     include JavaScriptFixturesHelpers
+    include API::Helpers::GraphqlHelpers
 
     let_it_be(:current_user) { create(:user) }
     let_it_be(:project) { create(:project, :repository, :public) }
@@ -118,31 +119,36 @@ RSpec.describe 'DAST profiles (GraphQL fixtures)' do
               :dast_site_profile,
               name: "Non-validated",
               auth_username: "non-validated@example.com",
-              project: project, dast_site: dast_site_none
+              project: project,
+              dast_site: dast_site_none
             ),
             create(
               :dast_site_profile,
               name: "Validation failed",
               auth_username: "validation-failed@example.com",
-              project: project, dast_site: dast_site_failed
+              project: project,
+              dast_site: dast_site_failed
             ),
             create(
               :dast_site_profile,
               name: "Validation passed",
               auth_username: "validation-passed@example.com",
-              project: project, dast_site: dast_site_passed
+              project: project,
+              dast_site: dast_site_passed
             ),
             create(
               :dast_site_profile,
               name: "Validation in progress",
               auth_username: "validation-in-progress@example.com",
-              project: project, dast_site: dast_site_inprogress
+              project: project,
+              dast_site: dast_site_inprogress
             ),
             create(
               :dast_site_profile,
               name: "Validation pending",
               auth_username: "validation-pending@example.com",
-              project: project, dast_site: dast_site_pending
+              project: project,
+              dast_site: dast_site_pending
             )
           ]
         end
@@ -159,6 +165,37 @@ RSpec.describe 'DAST profiles (GraphQL fixtures)' do
           expect(graphql_data_at(:project, :siteProfiles, :edges)).to have_attributes(size: 5)
         end
       end
+
+      context 'dast site profile with secret variables' do
+        let(:response) { @site_profile.to_json }
+        let_it_be(:dast_site_profile) { create(:dast_site_profile, project: project) }
+        let_it_be(:request_headers_variable) { create(:dast_site_profile_secret_variable, :request_headers, dast_site_profile: dast_site_profile) }
+        let_it_be(:password_variable) { create(:dast_site_profile_secret_variable, :password, dast_site_profile: dast_site_profile) }
+
+        it "security_configuration/dast_profiles/dast_site_profile_with_secrets.json" do
+          query = %(
+            {
+              project(fullPath: "#{project.full_path}") {
+                dastSiteProfile(id: "#{Gitlab::GlobalId.as_global_id(dast_site_profile.id, model_name: 'DastSiteProfile')}") {
+                  id
+                  name: profileName
+                  targetUrl
+                  targetType
+                  excludedUrls
+                  requestHeaders
+                  auth { enabled url username usernameField password passwordField }
+                  referencedInSecurityPolicies
+                }
+              }
+            }
+          )
+          @site_profile = run_graphql!(
+            query: query,
+            context: { current_user: current_user },
+            transform: -> (result) { result.dig('data', 'project', 'dastSiteProfile') }
+          )
+        end
+      end
     end
 
     describe 'dast_scanner_profiles' do
@@ -205,7 +242,10 @@ RSpec.describe 'DAST profiles (GraphQL fixtures)' do
       path = 'on_demand_scans/graphql/scheduled_dast_profiles.query.graphql'
 
       let_it_be(:dast_profile) { create(:dast_profile, project: project) }
-      let_it_be(:dast_profile_schedule) { create(:dast_profile_schedule, project: project, dast_profile: dast_profile)}
+      let_it_be(:dast_profile_schedule) do
+        create(:dast_profile_schedule, project: project,
+        dast_profile: dast_profile)
+      end
 
       it "graphql/#{path}.json" do
         query = get_graphql_query_as_string(path, ee: true)

ee/spec/frontend/security_configuration/dast_profiles/dast_site_profiles/components/dast_site_profile_form_spec.js

 import { GlForm } from '@gitlab/ui';
 import { within } from '@testing-library/dom';
 import merge from 'lodash/merge';
+import siteProfileWithSecrets from 'test_fixtures/security_configuration/dast_profiles/dast_site_profile_with_secrets.json';
 import BaseDastProfileForm from 'ee/security_configuration/dast_profiles/components/base_dast_profile_form.vue';
 import DastSiteAuthSection from 'ee/security_configuration/dast_profiles/dast_site_profiles/components/dast_site_auth_section.vue';
 import DastSiteProfileForm from 'ee/security_configuration/dast_profiles/dast_site_profiles/components/dast_site_profile_form.vue';
 import dastSiteProfileCreateMutation from 'ee/security_configuration/dast_profiles/dast_site_profiles/graphql/dast_site_profile_create.mutation.graphql';
 import dastSiteProfileUpdateMutation from 'ee/security_configuration/dast_profiles/dast_site_profiles/graphql/dast_site_profile_update.mutation.graphql';
-import { siteProfiles, policySiteProfile } from 'ee_jest/on_demand_scans_form/mocks/mock_data';
+import { policySiteProfile } from 'ee_jest/on_demand_scans_form/mocks/mock_data';
 import { TEST_HOST } from 'helpers/test_constants';
 import { mountExtended, shallowMountExtended } from 'helpers/vue_test_utils_helper';
 
-const [siteProfileOne] = siteProfiles;
 const projectFullPath = 'group/project';
 const profilesLibraryPath = `${TEST_HOST}/${projectFullPath}/-/security/configuration/dast_scans`;
 const onDemandScansPath = `${TEST_HOST}/${projectFullPath}/-/on_demand_scans`;
@@ -59,7 +59,7 @@ describe('DastSiteProfileForm', () => {
     await setFieldValue(findTargetUrlInput(), targetUrl);
     await setFieldValue(findExcludedUrlsInput(), excludedUrls);
     await setFieldValue(findRequestHeadersInput(), requestHeaders);
-    await setAuthFieldsValues(siteProfileOne.auth);
+    await setAuthFieldsValues(siteProfileWithSecrets.auth);
   };
 
   const setTargetType = async (type) => {
@@ -158,17 +158,19 @@ describe('DastSiteProfileForm', () => {
       it('when updating an existing profile', () => {
         createComponent({
           propsData: {
-            profile: siteProfileOne,
+            profile: siteProfileWithSecrets,
           },
         });
-        expect(findRequestHeadersInput().element.value).toBe(siteProfileOne.requestHeaders);
-        expect(findByNameAttribute('password').element.value).toBe(siteProfileOne.auth.password);
+        expect(findRequestHeadersInput().element.value).toBe(siteProfileWithSecrets.requestHeaders);
+        expect(findByNameAttribute('password').element.value).toBe(
+          siteProfileWithSecrets.auth.password,
+        );
       });
 
       it('when updating an existing profile with no request-header & password', () => {
         createComponent({
           propsData: {
-            profile: { ...siteProfileOne, requestHeaders: null, auth: { enabled: true } },
+            profile: { ...siteProfileWithSecrets, requestHeaders: null, auth: { enabled: true } },
           },
         });
         expect(findRequestHeadersInput().element.value).toBe('');
@@ -186,9 +188,9 @@ describe('DastSiteProfileForm', () => {
       });
 
       describe.each`
-        title                  | profile           | mutationVars                     | mutation                         | mutationKind
-        ${'New site profile'}  | ${{}}             | ${{ fullPath: projectFullPath }} | ${dastSiteProfileCreateMutation} | ${'dastSiteProfileCreate'}
-        ${'Edit site profile'} | ${siteProfileOne} | ${{ id: siteProfileOne.id }}     | ${dastSiteProfileUpdateMutation} | ${'dastSiteProfileUpdate'}
+        title                  | profile                   | mutationVars                         | mutation                         | mutationKind
+        ${'New site profile'}  | ${{}}                     | ${{ fullPath: projectFullPath }}     | ${dastSiteProfileCreateMutation} | ${'dastSiteProfileCreate'}
+        ${'Edit site profile'} | ${siteProfileWithSecrets} | ${{ id: siteProfileWithSecrets.id }} | ${dastSiteProfileUpdateMutation} | ${'dastSiteProfileUpdate'}
       `('$title', ({ profile, mutationVars, mutation, mutationKind }) => {
         beforeEach(() => {
           createComponent({
@@ -208,7 +210,7 @@ describe('DastSiteProfileForm', () => {
           expect(baseDastProfileForm.props('mutationVariables')).toEqual({
             profileName,
             targetUrl,
-            excludedUrls: siteProfileOne.excludedUrls,
+            excludedUrls: excludedUrls.split(', '),
             requestHeaders,
             targetType: 'API',
             ...mutationVars,
@@ -219,9 +221,9 @@ describe('DastSiteProfileForm', () => {
   });
 
   describe.each`
-    title                  | profile           | mutationVars                 | mutationKind
-    ${'New site profile'}  | ${{}}             | ${{}}                        | ${'dastSiteProfileCreate'}
-    ${'Edit site profile'} | ${siteProfileOne} | ${{ id: siteProfileOne.id }} | ${'dastSiteProfileUpdate'}
+    title                  | profile                   | mutationVars                         | mutationKind
+    ${'New site profile'}  | ${{}}                     | ${{}}                                | ${'dastSiteProfileCreate'}
+    ${'Edit site profile'} | ${siteProfileWithSecrets} | ${{ id: siteProfileWithSecrets.id }} | ${'dastSiteProfileUpdate'}
   `('$title', ({ profile, title, mutationVars, mutationKind }) => {
     beforeEach(() => {
       createComponent({
@@ -252,7 +254,7 @@ describe('DastSiteProfileForm', () => {
     beforeEach(() => {
       createShallowComponent({
         propsData: {
-          profile: siteProfileOne,
+          profile: siteProfileWithSecrets,
         },
       });
     });