
Add branch_type validations

Merged Martin Čavoj requested to merge 404777-add-branch_type-validations into master
3 files
+ 196
6
@@ -13,6 +13,7 @@ def execute
@@ -13,6 +13,7 @@ def execute
return error_with_title(s_('SecurityOrchestration|Invalid policy type')) if invalid_policy_type?
return error_with_title(s_('SecurityOrchestration|Invalid policy type')) if invalid_policy_type?
return error_with_title(s_('SecurityOrchestration|Policy cannot be enabled without branch information')) if blank_branch_for_rule?
return error_with_title(s_('SecurityOrchestration|Policy cannot be enabled without branch information')) if blank_branch_for_rule?
return error_with_title(s_('SecurityOrchestration|Policy cannot be enabled for non-existing branches (%{branches})') % { branches: missing_branch_names.join(', ') }) if missing_branch_for_rule?
return error_with_title(s_('SecurityOrchestration|Policy cannot be enabled for non-existing branches (%{branches})') % { branches: missing_branch_names.join(', ') }) if missing_branch_for_rule?
 
return error_with_title(s_('SecurityOrchestration|Branch types don\'t match any existing branches.')) if invalid_branch_types?
success
success
end
end
@@ -38,7 +39,7 @@ def blank_name?
@@ -38,7 +39,7 @@ def blank_name?
end
end
def blank_branch_for_rule?
def blank_branch_for_rule?
return false if policy_type == :scan_result_policy
return false if scan_result_policy?
policy[:rules].any? do |rule|
policy[:rules].any? do |rule|
rule.values_at(:agents, :branches, :branch_type).all?(&:blank?)
rule.values_at(:agents, :branches, :branch_type).all?(&:blank?)
@@ -73,9 +74,52 @@ def branches_for_project
@@ -73,9 +74,52 @@ def branches_for_project
end
end
end
end
 
def invalid_branch_types?
 
return false if container.blank?
 
return false unless project_container?
 
return false if Feature.disabled?(:security_policies_branch_type, container)
 
 
invalid_branch_types.present?
 
end
 
 
def invalid_branch_types
 
strong_memoize(:invalid_branch_types) do
 
policy[:rules].flat_map { |rule| rule[:branch_type] }
 
.compact
 
.uniq
 
.select do |branch_type|
 
case branch_type
 
when 'all'
 
all_branches.empty?
 
when 'protected'
 
protected_branches_for_project.empty?
 
when 'default'
 
container.default_branch.blank? ||
 
(scan_result_policy? && !protected_branches_for_project.include?(container.default_branch))
 
end
 
end
 
end
 
end
 
 
def all_branches
 
strong_memoize(:all_branches) do
 
policy_type == :scan_result_policy ? protected_branches_for_project : branches_for_project
 
end
 
end
 
 
def protected_branches_for_project
 
strong_memoize(:protected_branches_for_project) do
 
project.all_protected_branches.pluck(:name) # rubocop: disable CodeReuse/ActiveRecord
 
end
 
end
 
def policy_type
def policy_type
policy[:type].to_sym
policy[:type].to_sym
end
end
 
 
def scan_result_policy?
 
policy_type == :scan_result_policy
 
end
end
end
end
end
end
end
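Review bot: The `case` inside `invalid_branch_types` has no `else` arm, so any `branch_type` other than 'all', 'protected' or 'default' evaluates to nil and is not selected as invalid; for a security-policy validator that is a fail-open path unless the allowed values are already restricted somewhere not visible on this page. Adding `else true` to the `case` would make unrecognised types fail validation with the new error instead of passing silently. In the 'default' arm, `protected_branches_for_project.include?(container.default_branch)` is an exact string match against the plucked protected-branch names; if those names can be wildcard patterns, a default branch protected only by a pattern would be reported as invalid, which is worth confirming with a spec. As a point of style, `all_branches` still spells out `policy_type == :scan_result_policy` where the new `scan_result_policy?` helper could be used.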