Add Scanner Execution drawer component (!63533) · Merge requests · GitLab.org / GitLab

Paul Gascou-Vaillancourt requested to merge 273788-scan-execution-policy-drawer into master Jun 08, 2021

What does this MR do?

Creates the scanner_execution_policy and makes the policy drawer composable so that different policy types can be rendered in it.

For now, this MR doesn't have any user-facing change: we add the required backstage code to eventually support scanner execution policies, but we won't be actually seeing the new components yet as the frontend currently only fetches network policies.

How to test this?

To get a rough visual feedback, it is possible to short-circuit the computed property that defines the type of policy to be rendered, so that a network policy is considered as a scanner execution one. To do that, apply the following patch:

diff --git a/ee/app/assets/javascripts/threat_monitoring/components/policy_drawer/policy_drawer.vue b/ee/app/assets/javascripts/threat_monitoring/components/policy_drawer/policy_drawer.vue
index 8dea42df62e..f4c0ed9d0f6 100644
--- a/ee/app/assets/javascripts/threat_monitoring/components/policy_drawer/policy_drawer.vue
+++ b/ee/app/assets/javascripts/threat_monitoring/components/policy_drawer/policy_drawer.vue
@@ -37,7 +37,7 @@ export default {
   computed: {
     policyKind() {
       if (this.policy?.manifest?.includes(CiliumNetworkPolicyKind)) {
-        return CiliumNetworkPolicyKind;
+        return ScanExecutionPolicyKind;
       }
       if (this.policy?.manifest?.includes(ScanExecutionPolicyKind)) {
         return ScanExecutionPolicyKind;
diff --git a/ee/app/assets/javascripts/threat_monitoring/components/policy_drawer/scan_execution_policy.vue b/ee/app/assets/javascripts/threat_monitoring/components/policy_drawer/scan_execution_policy.vue
index f2279bcec89..8626707c067 100644
--- a/ee/app/assets/javascripts/threat_monitoring/components/policy_drawer/scan_execution_policy.vue
+++ b/ee/app/assets/javascripts/threat_monitoring/components/policy_drawer/scan_execution_policy.vue
@@ -18,7 +18,9 @@ export default {
   },
   computed: {
     policy() {
-      return safeLoad(this.value, { json: true });
+      const value =
+        '---\nname: Enforce DAST in every pipeline\ndescription: This policy enforces pipeline configuration to have a job with DAST\n  scan\nenabled: true\nrules:\n- type: pipeline\n  branches:\n  - master\nactions:\n- scan: dast\n  scanner_profile: Scanner Profile\n  site_profile: Site Profile\n';
+      return safeLoad(value, { json: true });
     },
   },
 };

Then, navigate to Security & Compliance > Threat Monitoring > Policies, and click on one of the predefined policies (drop-outbound or allow-inbound-http).