Add graphql mutations for project security exclusions

What does this MR do and why?

This merge request adds GraphQL mutations for managing project security exclusions.

  • Mutations:
    • ProjectSecurityExclusionCreate
    • ProjectSecurityExclusionUpdate
    • ProjectSecurityExclusionDestroy

It also updates ProjectSecurityExclusionType to include timestamp fields:

  • created_at
  • updated_at

Resolves #479305 (closed) partially.

Note: The target branch is ahmed.hemdan-allowlist-for-secret-push-protection-a8a418cd because this merge request was built using stacked diffs, so it merges back onto the previous merge request. I'm also happy to wait until the earlier two MRs (1, 2) have been approved and merged before proceeding with this one.

MR acceptance checklist

I have evaluated this MR against the MR acceptance checklist.

How to set up and validate locally

  • To test that the mutations work as expected, select a project that already exists in your GDK or create a new one.
  • Find the project id for the project you have chosen or just created.
  • Navigate to the interactive GraphQL explorer on your GDK.
  • Run one of the mutations added in this merge request, let's say for example, the projectSecurityExclusionCreate one:
mutation projectSecurityExclusionCreate($input: ProjectSecurityExclusionCreateInput!) {
  projectSecurityExclusionCreate(input: $input) {
    securityExclusion {
      id
      scanner
      type
      active
      description
      value
      createdAt
      updatedAt
    }
    errors
  }
}
  • Make sure to define the input of the mutation as a variable $input using the interface:
{
  "input": {
    "projectPath": "PROJECT_FULL_PATH_GOES_HERE",
    "scanner": "SECRET_PUSH_PROTECTION",
    "type": "PATH",
    "value": "spec/models/project_spec.rb",
    "active": true,
    "description": "test exclusion"
  }
}
  • Update PROJECT_FULL_PATH_GOES_HERE with the actual full path for the project.
  • Verify the project security exclusion has been created, as shown in the example output below:
{
  "data": {
    "projectSecurityExclusionCreate": {
      "securityExclusion": {
        "id": "...",
        "scanner": "SECRET_PUSH_PROTECTION",
        "type": "PATH",
        "active": true,
        "description": "test exclusion",
        "value": "spec/models/project_spec.rb",
        "createdAt": "...",
        "updatedAt": "..."
      },
      "errors": []
    }
  }
}
  • Repeat for the other two mutations but make sure to update the input and pass the id of the mutation we created above.
Edited by Ahmed Hemdan
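
The validation steps above can also be scripted. The following is an added example, not code from this merge request or from GitLab: it builds the projectSecurityExclusionCreate request from the description and checks that the returned exclusion matches what was sent. The function names, `base_url` and `token` are assumptions; the request goes to the instance's `/api/graphql` endpoint with a bearer token.

```python
import json
import urllib.request

# Mutation text as given in the MR description.
MUTATION = """
mutation projectSecurityExclusionCreate($input: ProjectSecurityExclusionCreateInput!) {
  projectSecurityExclusionCreate(input: $input) {
    securityExclusion { id scanner type active description value createdAt updatedAt }
    errors
  }
}
"""

def build_request(project_path, value, description, active=True):
    """Build the JSON body for POST /api/graphql (hypothetical helper)."""
    return {"query": MUTATION, "variables": {"input": {
        "projectPath": project_path, "scanner": "SECRET_PUSH_PROTECTION",
        "type": "PATH", "value": value, "active": active, "description": description}}}

def check_response(body, response):
    """Return a list of problems; empty means the exclusion matches the request."""
    problems = [e.get("message", "unknown error") for e in response.get("errors") or []]
    payload = (response.get("data") or {}).get("projectSecurityExclusionCreate") or {}
    problems += list(payload.get("errors") or [])
    exclusion = payload.get("securityExclusion")
    if exclusion is None:
        return problems or ["no securityExclusion returned"]
    wanted = body["variables"]["input"]
    for field in ("scanner", "type", "value", "active", "description"):
        if exclusion.get(field) != wanted[field]:
            problems.append(f"{field}: sent {wanted[field]!r}, got {exclusion.get(field)!r}")
    for field in ("id", "createdAt", "updatedAt"):
        if not exclusion.get(field):
            problems.append(f"{field} missing")
    return problems

def send(body, base_url, token):
    """POST the mutation; base_url and token are caller-supplied assumptions."""
    req = urllib.request.Request(
        base_url.rstrip("/") + "/api/graphql", data=json.dumps(body).encode(),
        headers={"Content-Type": "application/json", "Authorization": f"Bearer {token}"})
    with urllib.request.urlopen(req) as resp:
        return json.load(resp)

if __name__ == "__main__":
    body = build_request("PROJECT_FULL_PATH_GOES_HERE", "spec/models/project_spec.rb", "test exclusion")
    # Constructed failure response, shaped like the example output in the description.
    sample = {"data": {"projectSecurityExclusionCreate": {"securityExclusion": None, "errors": ["constructed error"]}}}
    print(check_response(body, sample))
```

Against a live GDK, pass the result of `send(body, base_url, token)` to `check_response` in place of the constructed sample.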
