Skip to content

Backend: Unify Security Configuration page backend between EE and CE

Why are we doing this work

The Security Configuration page needs to show different information depending on the tier the given project is in. Currently, the logic of that behaviour is scattered in various places on the frontend and backend, which makes adding features or moving features to different tiers difficult and error-prone.

For instance, there's a check in the EE::Projects::Security::ConfigurationController that's a proxy for "are we in Ultimate?", and delegates to the CE controller in the negative case. That controller passes basically no information to the frontend (there's no ConfigurationPresenter instance exposed), and so the frontend has to branch on that, and hard-code some information and have some awkward type checks.

Instead, it would be better if the Security::ConfigurationController always presented the same structured information to the frontend. Then, the frontend could be simplified to render the information it's given, rather than making decisions itself about what to do given the lack of data. Modifications to the frontend are covered by #333113 (closed).

In short, this would make adding to and modifying the Security Configuration page much simpler and faster.

Relevant links

Implementation plan

Prerequisite work is done in #342135 (closed)

  • Create feature flag unify_security_configuration
  • in EE ConfigurationController, ConfigurationPresenter accepts attribute for auto-fix permissions: move it to a separate method: 
      @configuration = ::Projects::Security::ConfigurationPresenter.new(project,
                                                                          presenter_attributes,
                                                                          current_user: current_user)

  # ...
  def presenter_attributes
    { auto_fix_permission: auto_fix_authorized? }
  end
  • in FOSS ConfigurationController create private presenter_attributes that return empty hash
  • Remove show method from EE ConfigurationPresenter and move its content to show method of FOSS ConfigurationPresenter.
  • in FOSS ConfigurationController create a condition by which instance of ConfigurationPresenter is returned if if feature flag is enabled or GitLab tier is Ultimate. This is a temporal solution until frontend is adjusted in #333113 (closed).
  • (Optional) Remove hard-coding of SAST/Secret Detection feature availability (possibly depends on #334722)

Additional info

New FOSS response

{
  auto_devops_enabled: Boolean,
  auto_devops_help_page_path: String,
  auto_devops_path: String,
  can_enable_auto_devops: Boolean,
  features: [
    {
      type: String,
      configured: Boolean,
      configuration_path: String,
      available: Boolean
    }
  ]
  help_page_path: String,
  latest_pipeline_path: String,
  gitlab_ci_present: Boolean,
  gitlab_ci_history_path: String
}

EE response (same as FOSS + auto-fix)

{
  auto_devops_enabled: Boolean,
  auto_devops_help_page_path: String,
  auto_devops_path: String,
  can_enable_auto_devops: Boolean,
  features: [
    {
      type: String,
      configured: Boolean,
      configuration_path: String,
      available: Boolean
    }
  ]
  help_page_path: String,
  latest_pipeline_path: String,
  auto_fix_enabled: Boolean,
  can_toggle_auto_fix_settings: Boolean,
  gitlab_ci_present: Boolean,
  gitlab_ci_history_path: String,
  auto_fix_user_path: String
}

Testing

  • SET to expand existing Security Configuration test where needed (auto-devops link in particular)
  • SET to investigate FOSS vs EE testing of Security Configuration, add E2E test
Edited by Tetiana Chupryna