Wire up DAST Saved Scans with the API
What does this MR do?
This wires up the frontend and the backend for the following GraphQL queries and mutations:
- dastProfiles query: up until now, this has been querying local mocks. Now that this query is supported by the backend, we can remove the client-side mocks and hit the actual API.
- dastScanCreate mutation: this mutation was marked as a known invalid query in config/known_invalid_graphql_queries.yml. Since the backend now supports it, we can remove the override. Additionally, the mutation has been cleaned up by leveraging DastProfileCreateInput.
- dastScanUpdate mutation: this mutation used the @client directive to not be considered invalid. Now that the backend supports it, we can remove the directive and let the mutation hit the API. Additionally, the mutation has been cleaned up by leveraging DastProfileUpdateInput.
Note that during backend reviews, it was decided to drop the notion of savedScans in favor of dastProfiles. Therefore, a few renames had to be done here as well:
- savedScans query renamed to dastProfiles.
- dastScanCreate mutation renamed to dastProfileCreate
- dastScanUpdate mutation renamed to dastProfileUpdate
How to test this?
- Enable the feature flag.
  echo "Feature.enable(:dast_saved_scans)" | rails c
- Browse to the new DAST scan page at /:namespace/:project/-/on_demand_scans/new. You should be able to create a scan.
- Browse to the DAST scans list at /:namespace/:project/-/security/configuration/dast_profiles. You should see your previously created scan(s) here.
- Edit any scan.
Does this MR meet the acceptance criteria?
Conformity
- [-] Changelog entry featureflagdisabled
- [-] Documentation (if required)
- Code review guidelines
- [-] Merge request performance guidelines
- Style guides
- [-] Database guides
- Separation of EE specific content
Availability and Testing
- Review and add/update tests for this feature/bug. Consider all test levels. See the Test Planning Process.
Related to #296752 (closed)
Edited by Paul Gascou-Vaillancourt