DAST scans site profile: Fix inprogress transition
What does this MR do?
It fixes an issue that can occur in two different scenarios:
- Editing a DAST on-demand scans site profile, which is currently being validated
- Creating a new profile, which shares the URL of a profile that is currently being validated
Both cases will end up in an error state (without a token) if the validation fails:
How to test this?
- Enable the feature flag.
  `echo "Feature.enable(:security_on_demand_scans_site_validation)" | rails c`
- Install and set up `graphql-vue-apollo-playground` locally. Check out the `mock-dast-site-profiles` branch and run the mock server.
- Use the local mock server in the Apollo provider.
diff --git a/ee/app/assets/javascripts/dast_site_profiles_form/graphql/provider.js b/ee/app/assets/javascripts/dast_site_profiles_form/graphql/provider.js
index ef96b443da8..993a7cefb5c 100644
--- a/ee/app/assets/javascripts/dast_site_profiles_form/graphql/provider.js
+++ b/ee/app/assets/javascripts/dast_site_profiles_form/graphql/provider.js
@@ -5,5 +5,10 @@ import createDefaultClient from '~/lib/graphql';
Vue.use(VueApollo);
export default new VueApollo({
- defaultClient: createDefaultClient(),
+ defaultClient: createDefaultClient(
+ {},
+ {
+ baseUrl: 'http://localhost:4000',
+ },
+ ),
});
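Review bot: the literal `baseUrl: 'http://localhost:4000'` passed as the second argument to `createDefaultClient()` points the form's default Apollo client at a plain-HTTP local mock, so this hunk needs to stay a local-only testing patch and be reverted before anything is pushed to the branch. If the mock endpoint is meant to be reused by other testers, read the URL from a development-only setting instead of hard-coding it in provider.js, so the default remains `createDefaultClient()` with no override. Also confirm the patch still applies: the path here is `ee/app/assets/javascripts/dast_site_profiles_form/graphql/provider.js`, while the constants file named later in the description sits under `security_configuration/dast_site_profiles_form/`.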
- Set the `status` to `states.INPROGRESS_VALIDATION` within `dast_site_validation.js` (mock apollo server).
- Navigate to the DAST Site profile form in your GDK: `/:namespace/:project/-/on_demand_scans/profiles/dast_site_profiles/new`
- Fill out the form and enable validation.
- Set the `status` to `states.FAILED_VALIDATION` within `dast_site_validation.js` (mock apollo server).

  Note: if the change happens at the same time as the request hits the mock server, there might be an error. Please try again. Increasing `DAST_SITE_VALIDATION_POLL_INTERVAL` within `ee/app/assets/javascripts/security_configuration/dast_site_profiles_form/constants.js` can help to reduce the chance of this.
Does this MR meet the acceptance criteria?
Conformity
- [-] Changelog entry (behind feature flag)
- [-] Documentation (if required)
- Code review guidelines
- Merge request performance guidelines
- Style guides
- [-] Database guides
- Separation of EE specific content

Availability and Testing
- Review and add/update tests for this feature/bug. Consider all test levels. See the Test Planning Process.
- Tested in all supported browsers
- [-] Informed Infrastructure department of a default or new setting change, if applicable per definition of done