Separate validation out of site profile creation
<!--
Implementation issues are used break-up a large piece of work into small, discrete tasks that can
move independently through the build workflow steps. They're typically used to populate a Feature
Epic. Once created, an implementation issue is usually refined in order to populate and review the
implementation plan and weight.
Example workflow: https://about.gitlab.com/handbook/engineering/development/threat-management/planning/diagram.html#plan
-->
Implementation issue for https://gitlab.com/gitlab-org/gitlab/-/issues/255338
## Why are we doing this work
This idea is to separate out the site validation from site profile form as the validation shouldn't be as closely tied to profiles as it is.
## Designs
Follow the designs at https://gitlab.com/gitlab-org/gitlab/-/issues/255338
## Proposal
* **Site profile form**
* Remove site validation toggle from the site profile form
* **Profile library**
* Add `Validate` button to each row in unvalidated `Site profiles`
* Add a new column to show Validation statuses
* `Validate` opens a new modal
* **Profile selector**
* Show a warning when user selects profile with active scan and unvalidated site
## Relevant links
- [Design Issue](https://gitlab.com/gitlab-org/gitlab/-/issues/255338)
- [Text file upload validation method](https://gitlab.com/gitlab-org/gitlab/-/issues/233020)
- [HTTP Header validation method](https://gitlab.com/gitlab-org/gitlab/-/issues/249240)
##### Future iterations
- [`Revoke validation`](https://gitlab.com/gitlab-org/gitlab/-/issues/276228) button on each validated row
- Validate target site from profile selector - https://gitlab.com/gitlab-org/gitlab/-/issues/255338/designs/new-scan-unvalidated-active-scan.png
## Non-functional requirements
<!--
Add details for required items and delete others.
-->
- [ ] Documentation:
- [ ] Feature flag:
- [ ] Performance:
- [ ] Testing:
## Implementation plan
| Task # | Description | Issue | Department(s) |
| ------ | ----------------------------------------------------------- | ---------------------------------------------------- | -------------- |
| 1 | Site Validation - Filter by canonical URL | https://gitlab.com/gitlab-org/gitlab/-/issues/277402 | gitlab~2492649 |
| 2 | DAST Site Profile - Expose canonical URL | https://gitlab.com/gitlab-org/gitlab/-/issues/277403 | gitlab~2492649 |
| 3 | DAST Site Validation - Cleanup | https://gitlab.com/gitlab-org/gitlab/-/issues/289800 | gitlab~2492649 |
| 4 | Site profile form - Remove validation toggle | https://gitlab.com/gitlab-org/gitlab/-/issues/280559 | gitlab~3412464 |
| 5 | Create DastSiteValidateModal component | https://gitlab.com/gitlab-org/gitlab/-/issues/280561 | gitlab~3412464 |
| 6 | Wire up validation modal and profiles library | https://gitlab.com/gitlab-org/gitlab/-/issues/280571 | gitlab~3412464 |
| 7 | Poll for status changes in profiles library | https://gitlab.com/gitlab-org/gitlab/-/issues/280570 | gitlab~3412464 |
| 8 | Handle validation in on-demand DAST scans profile selectors | https://gitlab.com/gitlab-org/gitlab/-/issues/280573 | gitlab~3412464 |
## Decisions
### GraphQL
#### `dastSiteValidation`
The `dastSiteValidation` GraphQL query won't be used in the gitlab~3412464 and can be removed altogether. Does this warrant a clean up in the gitlab~2492649?
#### `dastSiteProfiles`
Include the `urlBase` in the response.
```patch
query DastSiteProfiles($fullPath: ID!, $after: String, $before: String, $first: Int, $last: Int) {
project(fullPath: $fullPath) {
siteProfiles: dastSiteProfiles(after: $after, before: $before, first: $first, last: $last) {
pageInfo {
...PageInfo
}
edges {
cursor
node {
id
profileName
targetUrl
+ normalizedTargetUrl
editPath
validationStatus
}
}
}
}
}
```
#### `dastSiteValidations`
Create the `dastSiteValidations` query.
```graphql
query project($fullPath: ID!, $urls: [String!]) {
project(fullPath: $fullPath) {
dastSiteValidations(normalizedTargetUrls: $urls) {
node {
normalizedTargetUrl
status
}
}
}
}
```
epic