Reorganize policy limit constants
The following discussion from !172441 (merged) should be addressed:
-
@arfedoro started a discussion: (+3 comments)
thought (non-blocking): Do you think it would be worth creating an object like this on the backend and then passing it up instead of manipulating the data here? Especially since we seem to create this object here as well as in ee/app/assets/javascripts/security_orchestration/components/policy_editor/policy_type_selector.vue with hasMax and maxPoliciesAllowed. Since these settings are so related that they should be organized better instead of being dumped into the dataset individually anymore.
Certainly not in this MR since so many the max values are used so many places (actually, it looks like the ...PolicyActions setting is the most far reaching, so maybe just pull the other ones in and leave that one for a separate MR or not at all.
/cc @arfedoro
Partial diff, not complete
diff --git a/ee/app/assets/javascripts/security_orchestration/components/policy_editor/editor_layout.vue b/ee/app/assets/javascripts/security_orchestration/components/policy_editor/editor_layout.vue
index b70ddfc44536..b2c9f98895eb 100644
--- a/ee/app/assets/javascripts/security_orchestration/components/policy_editor/editor_layout.vue
+++ b/ee/app/assets/javascripts/security_orchestration/components/policy_editor/editor_layout.vue
@@ -29,9 +29,6 @@ import {
} from './constants';
import { getPolicyLimitDetails } from './utils';
-const { scanExecution, legacyApproval, approval, vulnerabilityManagement, pipelineExecution } =
- POLICY_TYPE_COMPONENT_OPTIONS;
-
export default {
i18n: {
DELETE_MODAL_CONFIG,
@@ -64,18 +61,7 @@ export default {
},
directives: { GlModal: GlModalDirective, GlTooltip: GlTooltipDirective },
mixins: [glFeatureFlagsMixin()],
- inject: [
- 'namespaceType',
- 'policiesPath',
- 'maxActiveScanExecutionPoliciesReached',
- 'maxScanExecutionPoliciesAllowed',
- 'maxActiveScanResultPoliciesReached',
- 'maxScanResultPoliciesAllowed',
- 'maxActiveVulnerabilityManagementPoliciesReached',
- 'maxVulnerabilityManagementPoliciesAllowed',
- 'maxActivePipelineExecutionPoliciesReached',
- 'maxPipelineExecutionPoliciesAllowed',
- ],
+ inject: ['limits', 'namespaceType', 'policiesPath'],
props: {
customSaveButtonText: {
type: String,
@@ -154,36 +140,14 @@ export default {
);
},
policyLimitArgs() {
- switch (this.policyType) {
- case scanExecution:
- return {
- policyLimitReached: this.maxActiveScanExecutionPoliciesReached,
- policyLimit: this.maxScanExecutionPoliciesAllowed,
- };
- case legacyApproval:
- case approval:
- return {
- policyLimitReached: this.maxActiveScanResultPoliciesReached,
- policyLimit: this.maxScanExecutionPoliciesAllowed,
- };
- case vulnerabilityManagement:
- return {
- policyLimitReached: this.maxActiveVulnerabilityManagementPoliciesReached,
- policyLimit: this.maxVulnerabilityManagementPoliciesAllowed,
- };
- case pipelineExecution:
- return {
- policyLimitReached: this.maxActivePipelineExecutionPoliciesReached,
- policyLimit: this.maxPipelineExecutionPoliciesAllowed,
- };
- default:
- return {};
- }
+ return this.limits[this.policyType] || {};
},
policyLimitDetails() {
const { policyLimit, policyLimitReached } = this.policyLimitArgs;
return getPolicyLimitDetails({
- type: this.policyType?.text?.toLowerCase() || scanExecution.text.toLowerCase(),
+ type:
+ this.policyType?.text?.toLowerCase() ||
+ POLICY_TYPE_COMPONENT_OPTIONS.scanExecution.text.toLowerCase(),
policyLimit,
policyLimitReached,
hasPropertyChanged: this.hasEnabledPropertyChanged,
diff --git a/ee/app/assets/javascripts/security_orchestration/policy_editor.js b/ee/app/assets/javascripts/security_orchestration/policy_editor.js
index 6238641cb1c0..754101e0be2c 100644
--- a/ee/app/assets/javascripts/security_orchestration/policy_editor.js
+++ b/ee/app/assets/javascripts/security_orchestration/policy_editor.js
@@ -13,14 +13,7 @@ export default (el, namespaceType) => {
disableScanPolicyUpdate,
createAgentHelpPath,
globalGroupApproversEnabled,
- maxActiveScanExecutionPoliciesReached,
- maxActiveScanResultPoliciesReached,
- maxActivePipelineExecutionPoliciesReached,
- maxActiveVulnerabilityManagementPoliciesReached,
- maxScanExecutionPoliciesAllowed,
- maxScanResultPoliciesAllowed,
- maxPipelineExecutionPoliciesAllowed,
- maxVulnerabilityManagementPoliciesAllowed,
+ limits,
namespaceId,
namespacePath,
policiesPath,
@@ -33,7 +26,6 @@ export default (el, namespaceType) => {
softwareLicenses,
timezones,
actionApprovers,
- maxScanExecutionPolicyActions,
} = el.dataset;
let parsedAssignedPolicyProject;
@@ -69,10 +61,10 @@ export default (el, namespaceType) => {
parsedTimezones = [];
}
- const count = parseInt(maxScanExecutionPolicyActions, 10);
- const parsedMaxScanExecutionPolicyActions = Number.isNaN(count)
- ? MAX_SCAN_EXECUTION_ACTION_COUNT
- : count;
+ // const count = parseInt(maxScanExecutionPolicyActions, 10);
+ // const parsedMaxScanExecutionPolicyActions = Number.isNaN(count)
+ // ? MAX_SCAN_EXECUTION_ACTION_COUNT
+ // : count;
return new Vue({
el,
@@ -82,18 +74,7 @@ export default (el, namespaceType) => {
createAgentHelpPath,
disableScanPolicyUpdate: parseBoolean(disableScanPolicyUpdate),
globalGroupApproversEnabled: parseBoolean(globalGroupApproversEnabled),
- maxActiveScanExecutionPoliciesReached: parseBoolean(maxActiveScanExecutionPoliciesReached),
- maxActivePipelineExecutionPoliciesReached: parseBoolean(
- maxActivePipelineExecutionPoliciesReached,
- ),
- maxActiveScanResultPoliciesReached: parseBoolean(maxActiveScanResultPoliciesReached),
- maxActiveVulnerabilityManagementPoliciesReached: parseBoolean(
- maxActiveVulnerabilityManagementPoliciesReached,
- ),
- maxScanExecutionPoliciesAllowed,
- maxScanResultPoliciesAllowed,
- maxPipelineExecutionPoliciesAllowed,
- maxVulnerabilityManagementPoliciesAllowed,
+ limits,
namespaceId,
namespacePath,
namespaceType,
@@ -107,7 +88,6 @@ export default (el, namespaceType) => {
timezones: parsedTimezones,
existingPolicy: policy ? { type: policyType, ...JSON.parse(policy) } : undefined,
assignedPolicyProject: parsedAssignedPolicyProject,
- maxScanExecutionPolicyActions: parsedMaxScanExecutionPolicyActions,
},
render(createElement) {
return createElement(App);
diff --git a/ee/app/helpers/ee/security_orchestration_helper.rb b/ee/app/helpers/ee/security_orchestration_helper.rb
index 53232cba4eba..e268f6d59c97 100644
--- a/ee/app/helpers/ee/security_orchestration_helper.rb
+++ b/ee/app/helpers/ee/security_orchestration_helper.rb
@@ -28,6 +28,36 @@ def orchestration_policy_data(container, policy_type = nil, policy = nil, approv
disable_scan_policy_update = !can_modify_security_policy?(container)
+ limits = {
+ "approval_policy": {
+ policyLimit: scan_result_policies_limit,
+ policyLimitReached: max_active_scan_result_policies_reached?(container).to_s,
+ },
+ "scan_result_policy": {
+ policyLimit: scan_result_policies_limit,
+ policyLimitReached: max_active_scan_result_policies_reached?(container).to_s,
+ },
+ "scan_execution_policy": {
+ policyActionLimit: max_scan_execution_policy_actions,
+ policyLimit: Security::ScanExecutionPolicy::POLICY_LIMIT,
+ policyLimitReached: max_active_scan_execution_policies_reached?(container).to_s,
+ },
+ "pipeline_execution_policy": {
+ policyLimit: Security::PipelineExecutionPolicy::POLICY_LIMIT,
+ policyLimitReached: max_active_pipeline_execution_policies_reached?(container).to_s,
+ },
+ "vulnerability_management_policy": {
+ policyLimit: Security::VulnerabilityManagementPolicy::POLICY_LIMIT,
+ policyLimitReached:
+ max_active_vulnerability_management_policies_reached?(container).to_s,
+ },
+ "ci_component_policy": {
+ policyLimit: Security::CiComponentPublishingPolicy::POLICY_LIMIT,
+ policyLimitReached: max_active_ci_component_publishing_policies_reached?(container)
+ .to_s,
+ }
+ }
+
policy_data = {
assigned_policy_project: assigned_policy_project(container).to_json,
disable_scan_policy_update: disable_scan_policy_update.to_s,
@@ -45,19 +75,7 @@ def orchestration_policy_data(container, policy_type = nil, policy = nil, approv
global_group_approvers_enabled: Gitlab::CurrentSettings.security_policy_global_group_approvers_enabled.to_json,
root_namespace_path: container.root_ancestor&.full_path,
timezones: timezone_data(format: :full).to_json,
- max_active_scan_execution_policies_reached: max_active_scan_execution_policies_reached?(container).to_s,
- max_active_scan_result_policies_reached: max_active_scan_result_policies_reached?(container).to_s,
- max_scan_result_policies_allowed: scan_result_policies_limit,
- max_scan_execution_policies_allowed: Security::ScanExecutionPolicy::POLICY_LIMIT,
- max_ci_component_publishing_policies_allowed: Security::CiComponentPublishingPolicy::POLICY_LIMIT,
- max_ci_component_publishing_policies_reached: max_active_ci_component_publishing_policies_reached?(container)
- .to_s,
- max_active_pipeline_execution_policies_reached: max_active_pipeline_execution_policies_reached?(container).to_s,
- max_pipeline_execution_policies_allowed: Security::PipelineExecutionPolicy::POLICY_LIMIT,
- max_active_vulnerability_management_policies_reached:
- max_active_vulnerability_management_policies_reached?(container).to_s,
- max_vulnerability_management_policies_allowed: Security::VulnerabilityManagementPolicy::POLICY_LIMIT,
- max_scan_execution_policy_actions: max_scan_execution_policy_actions
+ limits: limits.to_json
}
if container.is_a?(::Project)