
Add Scanner Execution drawer component

What does this MR do?

Creates the scanner_execution_policy and makes the policy drawer composable so that different policy types can be rendered in it.

For now, this MR doesn't have any user-facing change: we add the required backstage code to eventually support scanner execution policies, but we won't actually be seeing the new components yet as the frontend currently only fetches network policies.

How to test this?

To get rough visual feedback, it is possible to short-circuit the computed property that defines the type of policy to be rendered, so that a network policy is considered as a scanner execution one. To do that, apply the following patch:

diff --git a/ee/app/assets/javascripts/threat_monitoring/components/policy_drawer/policy_drawer.vue b/ee/app/assets/javascripts/threat_monitoring/components/policy_drawer/policy_drawer.vue
index 8dea42df62e..f4c0ed9d0f6 100644
--- a/ee/app/assets/javascripts/threat_monitoring/components/policy_drawer/policy_drawer.vue
+++ b/ee/app/assets/javascripts/threat_monitoring/components/policy_drawer/policy_drawer.vue
@@ -37,7 +37,7 @@ export default {
   computed: {
     policyKind() {
       if (this.policy?.manifest?.includes(CiliumNetworkPolicyKind)) {
-        return CiliumNetworkPolicyKind;
+        return ScanExecutionPolicyKind;
       }
       if (this.policy?.manifest?.includes(ScanExecutionPolicyKind)) {
         return ScanExecutionPolicyKind;
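Review bot: In `policyKind()`, the branch guarded by `includes(CiliumNetworkPolicyKind)` now returns `ScanExecutionPolicyKind`, so both visible branches return the same kind and a Cilium manifest can no longer be identified as a network policy. The description presents this as a local testing aid, so it should stay out of the committed change; a spec that mounts the scan execution component with a fixture manifest would give the same visual check without altering kind detection.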
diff --git a/ee/app/assets/javascripts/threat_monitoring/components/policy_drawer/scan_execution_policy.vue b/ee/app/assets/javascripts/threat_monitoring/components/policy_drawer/scan_execution_policy.vue
index f2279bcec89..8626707c067 100644
--- a/ee/app/assets/javascripts/threat_monitoring/components/policy_drawer/scan_execution_policy.vue
+++ b/ee/app/assets/javascripts/threat_monitoring/components/policy_drawer/scan_execution_policy.vue
@@ -18,7 +18,9 @@ export default {
   },
   computed: {
     policy() {
-      return safeLoad(this.value, { json: true });
+      const value =
+        '---\nname: Enforce DAST in every pipeline\ndescription: This policy enforces pipeline configuration to have a job with DAST\n  scan\nenabled: true\nrules:\n- type: pipeline\n  branches:\n  - master\nactions:\n- scan: dast\n  scanner_profile: Scanner Profile\n  site_profile: Site Profile\n';
+      return safeLoad(value, { json: true });
     },
   },
 };
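Review bot: In the `policy()` computed property, `safeLoad` now parses a hard-coded YAML string instead of `this.value`, so the component ignores its input and every policy opened in the drawer shows the same "Enforce DAST in every pipeline" content. Keep this out of the merged code and move the sample manifest into a test fixture. As a style point, the single-line literal with embedded `\n` is hard to verify by eye (the `description` value continues onto an indented `scan` line), so a multi-line template literal would make the YAML structure reviewable.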

Then, navigate to Security & Compliance > Threat Monitoring > Policies, and click on one of the predefined policies (drop-outbound or allow-inbound-http).

Screenshots (strongly suggested)

Network policy (no visual change)

Before After
Screen_Shot_2021-06-08_at_2.13.35_PM Screen_Shot_2021-06-08_at_2.09.25_PM

Fake scanner execution policy (computed property short-circuited)

Screen_Shot_2021-06-10_at_8.53.19_AM

Related to #273788 (closed) & #273790 (closed)

Edited by Paul Gascou-Vaillancourt
