Delete all associated validations upon revocation
What does this MR do and why?
this merge request deletes all associated dast
site validations when a user revokes validation. previously it was possible to revoke validation and leave behind validation records. this ensures these records are cleaned up too.
Notes
this will result in validation jobs that are in progress failing but i think this is acceptable and aligned with the intention of the user upon clicking revoke.
Screenshots
How to set up and validate locally
- start up a rails console.
bundle exec rails console
- add some test data.
project = Project.first
dast_site = DastSite.find_or_create_by!(project: project, url: 'https://gitlab.com')
dast_site_profile = DastSiteProfile.create!(project: project, dast_site: dast_site, name: SecureRandom.hex)
dast_site_token = DastSiteToken.find_or_create_by!(project: project, url: 'https://gitlab.com').tap { |o| o.update(token: SecureRandom.uuid) }
successful_validation = DastSiteValidation.create!(dast_site_token: dast_site_token, state: :passed, url_path: '/validation', validation_strategy: :text_file)
failed_validation = DastSiteValidation.create!(dast_site_token: dast_site_token, state: :failed, url_path: '/validation', validation_strategy: :text_file)
dast_site.update!(dast_site_validation: successful_validation)
- get project's
fullPath
.
project.full_path # => " gitlab-org/gitlab-test"
-
navigate to
/gitlab-org/gitlab-test/-/security/configuration/dast_scans#site-profiles
-
click on
Revoke Validation
MR acceptance checklist
This checklist encourages us to confirm any changes have been analyzed to reduce risks in quality, performance, reliability, security, and maintainability.
-
I have evaluated the MR acceptance checklist for this MR.
Edited by Philip Cunningham