Edit policy url not being generated correctly for some projects

Summary

Projects/Groups with the string new in them will have incorrect edit policy urls

Steps to reproduce

Create a project/group with the string new in the title (e.g. new project, newton project, Knew It)
Create a security policy
Navigate to the project/group => Secure => Policies => select the policy => click Edit policy

Example Project

https://gitlab.com/gitlab-org/govern/demos/sandbox/group-security-policies/verify-new-dependency-scanning-with-scan-result-policies/-/security/policies

What is the current bug behavior?

Clicking the Edit policy button navigates the user to a 404

What is the expected correct behavior?

Clicking the Edit policy button navigates the user to the policy editor with the selected policy information

Relevant logs and/or screenshots

Possible fixes

the problem is list_component.vue#editPolicyPath creates the edit policy path off of the new policy path by looking for the string new

this.newPolicyPath.replace('new', `${encodeURIComponent(this.selectedPolicy.name)}/edit`)

The options I see for fixing this is
- 1. Make this method more robust (something like new => /-/security/policies/new)
- 1. Create the edit path on the backend and send it up to the frontend

From the discussion below, we are going with option 2

The policy data for the drawer is taken from the policy information from the table, which is received from the GraphQL resource Group/Project.scanExecutionPolicies and Group/Project.scanResultPolicies, so let's add the edit path to the OrchestrationPolicy type

MR 1: backend update OrchestrationPolicy type to include edit_path (some code below, untested, unverified, tests need to be updated)

diff --git a/ee/app/graphql/types/security_orchestration/orchestration_policy_type.rb b/ee/app/graphql/types/security_orchestration/orchestration_policy_type.rb
index de1f9167741e..6a98d602997a 100644
--- a/ee/app/graphql/types/security_orchestration/orchestration_policy_type.rb
+++ b/ee/app/graphql/types/security_orchestration/orchestration_policy_type.rb
@@ -6,6 +6,7 @@ module OrchestrationPolicyType
       include Types::BaseInterface
 
       field :description, GraphQL::Types::String, null: false, description: 'Description of the policy.'
+      field :edit_path, GraphQL::Types::String, null: false, description: 'URL of policy edit page.'
       field :enabled, GraphQL::Types::Boolean, null: false, description: 'Indicates whether this policy is enabled.'
       field :name, GraphQL::Types::String, null: false, description: 'Name of the policy.'
       field :updated_at, Types::TimeType, null: false, description: 'Timestamp of when the policy YAML was last updated.'

MR 2: frontend update list_component.vue#editPolicyPath to use new editPath property (some code below, untested, unverified, tests need to be updated)

diff --git a/ee/app/assets/javascripts/security_orchestration/components/policies/list_component.vue b/ee/app/assets/javascripts/security_orchestration/components/policies/list_component.vue
index 1ee3ac4161b9..7278851d9c10 100644
--- a/ee/app/assets/javascripts/security_orchestration/components/policies/list_component.vue
+++ b/ee/app/assets/javascripts/security_orchestration/components/policies/list_component.vue
@@ -159,20 +159,6 @@ export default {
     hasSelectedPolicy() {
       return Boolean(this.selectedPolicy);
     },
-    editPolicyPath() {
-      if (this.hasSelectedPolicy) {
-        const parameters = {
-          type: POLICY_TYPE_COMPONENT_OPTIONS[this.policyType]?.urlParameter,
-          ...(this.selectedPolicy.kind && { kind: this.selectedPolicy.kind }),
-        };
-        return mergeUrlParams(
-          parameters,
-          this.newPolicyPath.replace('new', `${encodeURIComponent(this.selectedPolicy.name)}/edit`),
-        );
-      }
-
-      return '';
-    },
     typeLabel() {
       if (this.namespaceType === NAMESPACE_TYPES.GROUP) {
         return this.$options.i18n.groupTypeLabel;
@@ -360,7 +346,6 @@ export default {
       :open="hasSelectedPolicy"
       :policy="selectedPolicy"
       :policy-type="policyType"
-      :edit-policy-path="editPolicyPath"
       :disable-scan-policy-update="disableScanPolicyUpdate"
       data-testid="policyDrawer"
       @close="deselectPolicy"
diff --git a/ee/app/assets/javascripts/security_orchestration/components/policy_drawer/drawer_wrapper.vue b/ee/app/assets/javascripts/security_orchestration/components/policy_drawer/drawer_wrapper.vue
index 46de5b8d3f11..91d35e4e364a 100644
--- a/ee/app/assets/javascripts/security_orchestration/components/policy_drawer/drawer_wrapper.vue
+++ b/ee/app/assets/javascripts/security_orchestration/components/policy_drawer/drawer_wrapper.vue
@@ -53,11 +53,6 @@ export default {
       required: false,
       default: '',
     },
-    editPolicyPath: {
-      type: String,
-      required: false,
-      default: '',
-    },
     disableScanPolicyUpdate: {
       type: Boolean,
       required: false,
@@ -115,7 +110,7 @@ export default {
           data-testid="edit-button"
           category="primary"
           variant="confirm"
-          :href="editPolicyPath"
+          :href="policy.editPath"
           :disabled="isPolicyInherited"
           >{{ s__('SecurityOrchestration|Edit policy') }}</gl-button
         >

Edited Aug 23, 2023 by Alexander Turinske