Abstract out unsupported attribute finder
What does this MR do and why?
Abstract out unsupported attribute finder
- implement it for scan execution policies
- while each policy type will have different attributes, abstracting out a general "is there attributes that don't belong" method seems reasonable to me
- more policy-specific checks can be done in the policy-specific `fromYaml` methods (something like the below)
- I don't see there being a performance issue to loop through all the attributes of the policy multiple times (once in `hasUnsupportedAttribute` and more in policy-specific checks) as the policies have very few attributes
```javascript
// scan_execution_policy/lib/fromYaml.js
const policySpecificCheck = (policy) => { /** does a policy-specific check **/ };

export const fromYaml = (manifest) => {
  ...
  // Either the generic key check or the policy-specific check flags the policy.
  return hasUnsupportedAttribute({ policy, primaryKeys, rulesKeys, actionsKeys }) || policySpecificCheck(policy) ? ... : ...
};
```
NOTE: This is not supposed to catch all use cases! A user can input whatever they want in YAML (much of which would not be caught by this) and that would be better caught by schema validation (issue: FE: Validation prevents user from submitting po... (#369007 - closed)), but this MR is an acceptable first step. Schema validation is currently not working and is being fixed by Upgrade monaco-yaml and re-enable schema valida... (!96385 - merged).
Screenshots or screen recordings
Scenario | Screenshot |
---|---|
Wrong primary keys | |
Wrong rule keys | |
Wrong action keys | |
How to set up and validate locally
- Upload a GitLab Ultimate license
- Turn on the `:scan_execution_rule_mode` feature flag
- Navigate to a project => `Security & Compliance` => `Policies` => `New policy` => `Scan Execution Policy` => `yaml` mode
- Add `WRONG_KEY: "this is wrong and should result in the rule mode being disabled"` to the `yaml` in between another primary/rule/action key
- Navigate back to `rule` mode
- Verify the `rule` mode is disabled
Sample yamls that have unsupported keys
Unsupported primary key
```yaml
type: scan_execution_policy
name: ''
WRONG: THIS_IS_WRONG
description: ''
enabled: true
rules:
  - type: pipeline
    branches: []
actions:
  - scan: dast
    site_profile: ''
    scanner_profile: ''
```
Unsupported rule key
```yaml
type: scan_execution_policy
name: ''
description: ''
enabled: true
rules:
  - type: pipeline
    branches: []
    WRONG: THIS_IS_WRONG
actions:
  - scan: dast
    site_profile: ''
    scanner_profile: ''
```
Unsupported action key
```yaml
type: scan_execution_policy
name: ''
description: ''
enabled: true
rules:
  - type: pipeline
    branches: []
actions:
  - scan: dast
    site_profile: ''
    scanner_profile: ''
    WRONG: THIS_IS_WRONG
```
MR acceptance checklist
This checklist encourages us to confirm any changes have been analyzed to reduce risks in quality, performance, reliability, security, and maintainability.
- I have evaluated the MR acceptance checklist for this MR.
Related to #359887 (closed)
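The generic key check described in this MR can be sketched as follows. This is an added example, not the MR's or GitLab's own code: the helper names (`findUnsupportedAttributes`, `shouldDisableRuleMode`) are hypothetical, the allowed-key lists are assumptions taken only from the sample policies above, and the policies are those samples constructed as already-parsed objects.

```javascript
// Allowed keys per level (assumption: only the keys seen in the samples above).
const PRIMARY_KEYS = ['type', 'name', 'description', 'enabled', 'rules', 'actions'];
const RULES_KEYS = ['type', 'branches'];
const ACTIONS_KEYS = ['scan', 'site_profile', 'scanner_profile'];

// Keys of `obj` not in `allowed`, as paths. A non-mapping value is itself unsupported.
const unknownKeys = (obj, allowed, path) => {
  if (obj === null || typeof obj !== 'object' || Array.isArray(obj)) return [path];
  return Object.keys(obj)
    .filter((key) => !allowed.includes(key))
    .map((key) => `${path}.${key}`);
};

// Check every item of a rules/actions list; a missing list is fine, a non-list is not.
const listKeys = (list, allowed, path) => {
  if (list === undefined) return [];
  if (!Array.isArray(list)) return [path];
  return list.flatMap((item, i) => unknownKeys(item, allowed, `${path}[${i}]`));
};

// Hypothetical helper: returns every unsupported attribute path, not just a boolean,
// so the editor could tell the user which key blocks rule mode.
const findUnsupportedAttributes = ({ policy, primaryKeys, rulesKeys, actionsKeys }) => {
  const top = unknownKeys(policy, primaryKeys, 'policy');
  if (top.includes('policy')) return top; // manifest did not parse to a mapping
  return [
    ...top,
    ...listKeys(policy.rules, rulesKeys, 'rules'),
    ...listKeys(policy.actions, actionsKeys, 'actions'),
  ];
};

const check = (policy) => findUnsupportedAttributes({
  policy, primaryKeys: PRIMARY_KEYS, rulesKeys: RULES_KEYS, actionsKeys: ACTIONS_KEYS,
});
const shouldDisableRuleMode = (policy) => check(policy).length > 0;

// Constructed inputs: the three sample policies above, already parsed from YAML.
const base = () => ({
  type: 'scan_execution_policy', name: '', description: '', enabled: true,
  rules: [{ type: 'pipeline', branches: [] }],
  actions: [{ scan: 'dast', site_profile: '', scanner_profile: '' }],
});
const wrongPrimary = { ...base(), WRONG: 'THIS_IS_WRONG' };
const wrongRule = base(); wrongRule.rules[0].WRONG = 'THIS_IS_WRONG';
const wrongAction = base(); wrongAction.actions[0].WRONG = 'THIS_IS_WRONG';

for (const p of [base(), wrongPrimary, wrongRule, wrongAction]) {
  console.log(shouldDisableRuleMode(p), check(p));
}
```

Returning paths rather than a bare boolean keeps the check compatible with the `||` composition shown in `fromYaml` while making it clear which key would be lost if the policy were round-tripped through rule mode.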