Allow removing policy project

1cb29102 · Can Eldem · 2d3735bd · 1cb29102 · 1cb29102 · 1cb29102
Commit 1cb29102 authored 3 years ago by Can Eldem
--- a/ee/app/models/security/orchestration_policy_configuration.rb
+++ b/ee/app/models/security/orchestration_policy_configuration.rb
@@ -14,7 +14,7 @@ class OrchestrationPolicyConfiguration < ApplicationRecord
    belongs_to :security_policy_management_project, class_name: 'Project', foreign_key: 'security_policy_management_project_id'
  
    validates :project, presence: true, uniqueness: true
-    validates :security_policy_management_project, presence: true, uniqueness: true
+    validates :security_policy_management_project, presence: true
  
    def enabled?
      ::Feature.enabled?(:security_orchestration_policies_configuration, project)

--- a/ee/app/services/security/orchestration/assign_service.rb
+++ b/ee/app/services/security/orchestration/assign_service.rb
@@ -9,7 +9,7 @@ def execute
        return success if res
  
      rescue ActiveRecord::RecordNotFound => _
-        error(_('Policy project doesn\'t exists'))
+        error(_('Policy project doesn\'t exist'))
      rescue ActiveRecord::RecordInvalid => _
        error(_('Couldn\'t assign policy to project'))
      end
@@ -17,6 +17,10 @@ def execute
      private
  
      def create_or_update_security_policy_configuration
+        if policy_project_id.blank? && has_existing_policy?
+          return unassign_policy_project
+        end
+
        policy_project = Project.find(policy_project_id)
  
        if has_existing_policy?
@@ -30,6 +34,10 @@ def create_or_update_security_policy_configuration
        end
      end
  
+      def unassign_policy_project
+        project.security_orchestration_policy_configuration.delete
+      end
+
      def success
        ServiceResponse.success(payload: { policy_project: policy_project_id })
      end

--- a/ee/app/views/layouts/nav/sidebar/_project_security_link.html.haml
+++ b/ee/app/views/layouts/nav/sidebar/_project_security_link.html.haml
@@ -44,7 +44,7 @@
          = link_to project_threat_monitoring_path(@project), title: _('Threat Monitoring') do
            %span= _('Threat Monitoring')
  
-      - if project_nav_tab?(:security_orchestration_policies)
+      - if project_nav_tab?(:security_orchestration_policies) && Feature.enabled?(:security_orchestration_policies_configuration, @project)
        = nav_link(controller: ['projects/security/policies']) do
          = link_to project_security_policy_path(@project), title: _('Scan Policies') do
            %span= _('Scan Policies')

--- a/ee/spec/models/security/orchestration_policy_configuration_spec.rb
+++ b/ee/spec/models/security/orchestration_policy_configuration_spec.rb
@@ -21,7 +21,6 @@
    it { is_expected.to validate_presence_of(:security_policy_management_project) }
  
    it { is_expected.to validate_uniqueness_of(:project) }
-    it { is_expected.to validate_uniqueness_of(:security_policy_management_project) }
  end
  
  describe '#enabled?' do

--- a/ee/spec/requests/projects/security/policies_controller_spec.rb
+++ b/ee/spec/requests/projects/security/policies_controller_spec.rb
@@ -55,7 +55,7 @@
    it 'returns error message for invalid input' do
      post assign_project_security_policy_url(project), params: { orchestration: { policy_project_id: nil } }
  
-      expect(flash[:alert]).to eq 'Policy project doesn\'t exists'
+      expect(flash[:alert]).to eq 'Policy project doesn\'t exist'
    end
  end
 end
--- a/ee/spec/services/security/orchestration/assign_service_spec.rb
+++ b/ee/spec/services/security/orchestration/assign_service_spec.rb
@@ -25,11 +25,19 @@
      expect(project.security_orchestration_policy_configuration.security_policy_management_project_id).to eq(new_policy_project.id)
    end
  
-    it 'returns error when same policy is assigned to different projects' do
+    it 'assigns same policy to different projects' do
      service
  
      repeated_service = described_class.new(another_project, nil, policy_project_id: policy_project.id).execute
-      expect(repeated_service).to be_error
+      expect(repeated_service).to be_success
+    end
+
+    it 'unassigns project' do
+      service
+
+      described_class.new(project, nil, policy_project_id: nil).execute
+
+      expect(project.reload.security_orchestration_policy_configuration).to be_nil
    end
  
    it 'returns error when db has problem' do

--- a/locale/gitlab.pot
+++ b/locale/gitlab.pot
@@ -22814,7 +22814,7 @@ msgstr ""
 msgid "Point to any links you like: documentation, built binaries, or other related materials. These can be internal or external links from your GitLab instance. Duplicate URLs are not allowed."
 msgstr ""
  
-msgid "Policy project doesn't exists"
+msgid "Policy project doesn't exist"
 msgstr ""
  
 msgid "Pre-defined push rules."