Skip to content

Dismiss security-training promo when enabling it

What does this MR do and why?

To prevent showing the promition banner for the security-training unnecessarily, this MR adds a GraphQL) mutation, which dismisses the callout when the related configuration is being touched.

Note: The callout - and he code within this MR - is only temporary and will be removed in the future.

Screenshots or screen recordings

These are strongly recommended to assist reviewers and reduce the time to merge your change.

How to set up and validate locally

Environment preparations

Enable the feature flag

echo "Feature.enable(:secure_vulnerability_training)" | rails c

Create two training providers:

echo "Security::TrainingProvider.create!(name: 'Foo', description: 'Foo provider', url: 'http://foo.com', logo_url: [http://foo.com/logo')" | rails c
echo "Security::TrainingProvider.create!(name: 'Bar', description: 'Bar provider', url: 'http://bar.com', logo_url: 'http://bar.com/logo')" | rails c

Testing instructions

  1. Go to a project's vulnerability report - make sure the banner is showing up
  2. Open a new browser tab and go to the same project's security dashboard - make sure the banner is showing up
  3. Go to the project's "Security & Compliance" -> "Configuration" -> "Vulnerability Management"
  4. Enable a provider (todo: enter instructions on how to populate)
  5. Refresh the vulnerability report and security dashboard - make sure the banner does not show up any more

Reset the dismissed callout (in case you want to test it more than once)

echo 'User.find_by(username: "root").callouts.find_by(feature_name: "security_training_feature_promotion").destroy' | rails c

MR acceptance checklist

This checklist encourages us to confirm any changes have been analyzed to reduce risks in quality, performance, reliability, security, and maintainability.

Related to #350442 (closed)

Edited by David Pisek

Merge request reports

Loading