Provide branch information from dastProfiles

- Add dast_branch_selection ff disabled by default - Add new field and associated type

Provide branch information from dastProfiles
6ee51821 · Philip Cunningham · b4ad8f3d · 6ee51821 · 6ee51821 · 6ee51821
Unverified Commit 6ee51821 authored 4 years ago by Philip Cunningham
--- a/doc/api/graphql/reference/index.md
+++ b/doc/api/graphql/reference/index.md
@@ -1098,6 +1098,7 @@ Represents a DAST Profile.
  
 | Field | Type | Description |
 | ----- | ---- | ----------- |
+| `branch` | DastProfileBranch | The associated branch. Will always return `null`if `dast_branch_selection` feature flag is disabled. |
 | `dastScannerProfile` | DastScannerProfile | The associated scanner profile. |
 | `dastSiteProfile` | DastSiteProfile | The associated site profile. |
 | `description` | String | The description of the scan. |
@@ -1105,6 +1106,15 @@ Represents a DAST Profile.
 | `id` | DastProfileID! | ID of the profile. |
 | `name` | String | The name of the profile. |
  
+### DastProfileBranch
+
+Represents a DAST Profile Branch.
+
+| Field | Type | Description |
+| ----- | ---- | ----------- |
+| `exists` | Boolean | Indicates whether or not the branch exists. |
+| `name` | String | The name of the branch. |
+
 ### DastProfileCreatePayload
  
 Autogenerated return type of DastProfileCreate.

--- a/ee/app/graphql/types/dast/profile_branch_type.rb
+++ b/ee/app/graphql/types/dast/profile_branch_type.rb
+# frozen_string_literal: true
+
+module Types
+  module Dast
+    class ProfileBranchType < BaseObject
+      graphql_name 'DastProfileBranch'
+      description 'Represents a DAST Profile Branch'
+
+      authorize :read_on_demand_scans
+
+      field :name, GraphQL::STRING_TYPE, null: true,
+            description: 'The name of the branch.',
+            calls_gitaly: true
+
+      field :exists, GraphQL::BOOLEAN_TYPE, null: true,
+            description: 'Indicates whether or not the branch exists.',
+            calls_gitaly: true
+    end
+  end
+end
--- a/ee/app/graphql/types/dast/profile_type.rb
+++ b/ee/app/graphql/types/dast/profile_type.rb
@@ -6,6 +6,8 @@ class ProfileType < BaseObject
      graphql_name 'DastProfile'
      description 'Represents a DAST Profile'
  
+      ProfileBranch = Struct.new(:name, :exists)
+
      authorize :read_on_demand_scans
  
      field :id, ::Types::GlobalIDType[::Dast::Profile], null: false,
@@ -23,9 +25,20 @@ class ProfileType < BaseObject
      field :dast_scanner_profile, DastScannerProfileType, null: true,
            description: 'The associated scanner profile.'
  
+      field :branch, Dast::ProfileBranchType, null: true,
+            description: 'The associated branch. Will always return `null`' \
+                         'if `dast_branch_selection` feature flag is disabled.',
+            calls_gitaly: true
+
      field :edit_path, GraphQL::STRING_TYPE, null: true,
            description: 'Relative web path to the edit page of a profile.'
  
+      def branch
+        return unless Feature.enabled?(:dast_branch_selection, object.project, default_enabled: :yaml)
+
+        object.branch
+      end
+
      def edit_path
        Gitlab::Routing.url_helpers.edit_project_on_demand_scan_path(object.project, object)
      end

--- a/ee/app/models/dast/branch.rb
+++ b/ee/app/models/dast/branch.rb
+# frozen_string_literal: true
+
+module Dast
+  Branch = Struct.new(:project) do
+    def name
+      project.default_branch
+    end
+
+    def exists
+      project.repository.branch_exists?(project.default_branch)
+    end
+  end
+end
--- a/ee/app/models/dast/profile.rb
+++ b/ee/app/models/dast/profile.rb
@@ -19,6 +19,12 @@ class Profile < ApplicationRecord
      where(project_id: project_id)
    end
  
+    def branch
+      return unless project.repository.exists?
+
+      Dast::Branch.new(project)
+    end
+
    private
  
    def project_ids_match

--- a/ee/app/policies/dast/branch_policy.rb
+++ b/ee/app/policies/dast/branch_policy.rb
+# frozen_string_literal: true
+
+module Dast
+  class BranchPolicy < BasePolicy
+    delegate { @subject.project }
+  end
+end
--- a/ee/config/feature_flags/development/dast_branch_selection.yml
+++ b/ee/config/feature_flags/development/dast_branch_selection.yml
+---
+name: dast_branch_selection
+introduced_by_url: https://gitlab.com/gitlab-org/gitlab/-/merge_requests/55015
+rollout_issue_url: https://gitlab.com/gitlab-org/gitlab/-/issues/322672
+milestone: '13.10'
+type: development
+group: group::dynamic analysis
+default_enabled: false
--- a/ee/spec/graphql/types/dast/profile_type_spec.rb
+++ b/ee/spec/graphql/types/dast/profile_type_spec.rb
@@ -5,10 +5,10 @@
 RSpec.describe GitlabSchema.types['DastProfile'] do
  include GraphqlHelpers
  
-  let_it_be(:object) { create(:dast_profile) }
-  let_it_be(:project) { object.project }
+  let_it_be(:project) { create(:project, :repository) }
+  let_it_be(:object) { create(:dast_profile, project: project) }
  let_it_be(:user) { create(:user, developer_projects: [project]) }
-  let_it_be(:fields) { %i[id name description dastSiteProfile dastScannerProfile editPath] }
+  let_it_be(:fields) { %i[id name description dastSiteProfile dastScannerProfile branch editPath] }
  
  specify { expect(described_class.graphql_name).to eq('DastProfile') }
  specify { expect(described_class).to require_graphql_authorizations(:read_on_demand_scans) }
@@ -19,8 +19,26 @@
  
  it { expect(described_class).to have_graphql_fields(fields) }
  
+  describe 'branch field' do
+    context 'when the feature flag is disabled' do
+      it 'resolves nil' do
+        stub_feature_flags(dast_branch_selection: false)
+
+        expect(resolve_field(:branch, object, current_user: user)).to eq(nil)
+      end
+    end
+
+    context 'when the feature flag is enabled' do
+      it 'correctly resolves the field' do
+        expected_result = OpenStruct.new(name: project.default_branch, exists: true)
+
+        expect(resolve_field(:branch, object, current_user: user)).to eq(expected_result)
+      end
+    end
+  end
+
  describe 'editPath field' do
-    it 'correctly renders the field' do
+    it 'correctly resolves the field' do
      expected_result = Gitlab::Routing.url_helpers.edit_project_on_demand_scan_path(project, object)
  
      expect(resolve_field(:edit_path, object, current_user: user)).to eq(expected_result)

--- a/ee/spec/models/dast/profile_spec.rb
+++ b/ee/spec/models/dast/profile_spec.rb
@@ -75,4 +75,27 @@
      end
    end
  end
+
+  describe 'instance methods' do
+    describe '#branch' do
+      context 'when the associated project does not have a repository' do
+        it 'returns nil' do
+          expect(subject.branch).to be_nil
+        end
+      end
+
+      context 'when the associated project has a repository' do
+        let_it_be(:project) { create(:project, :repository) }
+
+        subject { create(:dast_profile, project: project) }
+
+        it 'returns an object that correctly populates #name and #exist', :aggregate_failures do
+          branch = subject.branch
+
+          expect(branch.name).to eq(project.default_branch)
+          expect(branch.exists).to eq(true)
+        end
+      end
+    end
+  end
 end
--- a/ee/spec/requests/api/graphql/project/dast_profiles_spec.rb
+++ b/ee/spec/requests/api/graphql/project/dast_profiles_spec.rb
@@ -5,7 +5,7 @@
 RSpec.describe 'Query.project(fullPath).dastProfiles' do
  include GraphqlHelpers
  
-  let_it_be(:project) { create(:project) }
+  let_it_be(:project) { create(:project, :repository) }
  let_it_be(:current_user) { create(:user) }
  let_it_be(:dast_profile1) { create(:dast_profile, project: project) }
  let_it_be(:dast_profile2) { create(:dast_profile, project: project) }
@@ -87,7 +87,7 @@ def pagination_query(arguments)
    graphql_query_for(
      :project,
      { full_path: project.full_path },
-      query_nodes(:dast_profiles, 'id', include_pagination_info: true, args: arguments)
+      query_nodes(:dast_profiles, 'id branch { name }', include_pagination_info: true, args: arguments)
    )
  end
 end