Commit f9c14577 authored by Alan (Maciej) Paruszewski's avatar Alan (Maciej) Paruszewski Committed by Kamil Trzciński

Add mutation to unlink policy project

parent b5ba302e
......@@ -4097,6 +4097,26 @@ Input type: `SecurityPolicyProjectCreateInput`
| <a id="mutationsecuritypolicyprojectcreateerrors"></a>`errors` | [`[String!]!`](#string) | Errors encountered during execution of the mutation. |
| <a id="mutationsecuritypolicyprojectcreateproject"></a>`project` | [`Project`](#project) | Security Policy Project that was created. |
### `Mutation.securityPolicyProjectUnassign`
Unassigns the security policy project for the given project(`project_path`).
Input type: `SecurityPolicyProjectUnassignInput`
#### Arguments
| Name | Type | Description |
| ---- | ---- | ----------- |
| <a id="mutationsecuritypolicyprojectunassignclientmutationid"></a>`clientMutationId` | [`String`](#string) | A unique identifier for the client performing the mutation. |
| <a id="mutationsecuritypolicyprojectunassignprojectpath"></a>`projectPath` | [`ID!`](#id) | Full path of the project. |
#### Fields
| Name | Type | Description |
| ---- | ---- | ----------- |
| <a id="mutationsecuritypolicyprojectunassignclientmutationid"></a>`clientMutationId` | [`String`](#string) | A unique identifier for the client performing the mutation. |
| <a id="mutationsecuritypolicyprojectunassignerrors"></a>`errors` | [`[String!]!`](#string) | Errors encountered during execution of the mutation. |
### `Mutation.terraformStateDelete`
Input type: `TerraformStateDeleteInput`
......
......@@ -81,6 +81,7 @@ module EE
mount_mutation ::Mutations::Projects::SetComplianceFramework
mount_mutation ::Mutations::SecurityPolicy::CommitScanExecutionPolicy
mount_mutation ::Mutations::SecurityPolicy::AssignSecurityPolicyProject
mount_mutation ::Mutations::SecurityPolicy::UnassignSecurityPolicyProject
mount_mutation ::Mutations::SecurityPolicy::CreateSecurityPolicyProject
mount_mutation ::Mutations::Security::CiConfiguration::ConfigureDependencyScanning
mount_mutation ::Mutations::AuditEvents::ExternalAuditEventDestinations::Create
......
# frozen_string_literal: true
module Mutations
module SecurityPolicy
class UnassignSecurityPolicyProject < BaseMutation
include FindsProject
graphql_name 'SecurityPolicyProjectUnassign'
description 'Unassigns the security policy project for the given project(`project_path`).'
authorize :update_security_orchestration_policy_project
argument :project_path, GraphQL::Types::ID,
required: true,
description: 'Full path of the project.'
def resolve(args)
project = authorized_find!(args[:project_path])
result = unassign_project(project)
{
errors: result.success? ? [] : [result.message]
}
end
private
def unassign_project(project)
::Security::Orchestration::UnassignService
.new(project, current_user)
.execute
end
end
end
end
# frozen_string_literal: true
module Security
module Orchestration
class UnassignService < ::BaseService
def execute
return error(_('Policy project doesn\'t exist')) unless security_orchestration_policy_configuration
result = security_orchestration_policy_configuration.delete
return success if result
error(project.security_orchestration_policy_configuration.errors.full_messages.to_sentence)
end
private
delegate :security_orchestration_policy_configuration, to: :project
def success
ServiceResponse.success
end
def error(message)
ServiceResponse.error(message: message)
end
end
end
end
......@@ -62,5 +62,9 @@ FactoryBot.modify do
project.project_setting.save!
end
end
trait :with_security_orchestration_policy_configuration do
association :security_orchestration_policy_configuration, factory: :security_orchestration_policy_configuration
end
end
end
# frozen_string_literal: true
require 'spec_helper'
RSpec.describe Mutations::SecurityPolicy::UnassignSecurityPolicyProject do
let(:mutation) { described_class.new(object: nil, context: { current_user: current_user }, field: nil) }
describe '#resolve' do
let_it_be(:owner) { create(:user) }
let_it_be(:user) { create(:user) }
let_it_be(:project) { create(:project, :with_security_orchestration_policy_configuration, namespace: owner.namespace) }
let_it_be(:project_without_policy_project) { create(:project, namespace: owner.namespace) }
let(:project_full_path) { project.full_path }
let(:current_user) { owner }
subject { mutation.resolve(project_path: project_full_path) }
context 'when permission is set for user' do
before do
stub_licensed_features(security_orchestration_policies: true)
end
context 'when user is an owner of the project' do
context 'when policy project is assigned to a project' do
it 'assigns the security policy project' do
result = subject
expect(result[:errors]).to be_empty
expect(project.reload.security_orchestration_policy_configuration).to be_blank
end
end
context 'when policy project is not assigned to a project' do
let(:project_full_path) { project_without_policy_project.full_path }
it 'respond with an error' do
result = subject
expect(result[:errors]).to match_array(["Policy project doesn't exist"])
end
end
end
context 'when user is not an owner' do
let(:current_user) { user }
before do
project.add_maintainer(user)
end
it 'raises exception' do
expect { subject }.to raise_error(Gitlab::Graphql::Errors::ResourceNotAvailable)
end
end
end
context 'when feature is not licensed' do
before do
stub_licensed_features(security_orchestration_policies: false)
end
it 'raises exception' do
expect { subject }.to raise_error(Gitlab::Graphql::Errors::ResourceNotAvailable)
end
end
end
end
# frozen_string_literal: true
require 'spec_helper'
RSpec.describe Security::Orchestration::UnassignService do
let_it_be(:project, reload: true) { create(:project, :with_security_orchestration_policy_configuration) }
let_it_be(:project_without_policy_project, reload: true) { create(:project) }
let(:service) { described_class.new(project, nil) }
describe '#execute' do
subject(:result) { service.execute }
context 'when policy project is assigned to a project' do
let(:service) { described_class.new(project, nil) }
it 'unassigns policy project from the project', :aggregate_failures do
expect(result).to be_success
expect(project.security_orchestration_policy_configuration).to be_destroyed
end
end
context 'when policy project is not assigned to a project' do
let(:service) { described_class.new(project_without_policy_project, nil) }
it 'respond with an error', :aggregate_failures do
expect(result).not_to be_success
expect(result.message).to eq("Policy project doesn't exist")
end
end
end
end
Markdown is supported
0%
or
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment