diff --git a/ee/app/controllers/projects/security/policies_controller.rb b/ee/app/controllers/projects/security/policies_controller.rb
index 5ead3b77d7b2fa8dbff5b5114d2d57c6788ae94e..55a49af9d260309ea8eda708449702e3e04ba254 100644
--- a/ee/app/controllers/projects/security/policies_controller.rb
+++ b/ee/app/controllers/projects/security/policies_controller.rb
@@ -7,16 +7,37 @@ class PoliciesController < Projects::ApplicationController
 before_action do
 push_frontend_feature_flag(:security_orchestration_policies_configuration, project)
+ check_permissions!
 end
 feature_category :security_orchestration
 def show
- render_404 unless Feature.enabled?(:security_orchestration_policies_configuration, project) && can?(current_user, :security_orchestration_policies, project)
+ @assigned_policy_id = project&.security_orchestration_policy_configuration&.security_policy_management_project_id
+
+ render :show
 end
 def assign
- # TODO: Assign project once #321531 is complete
+ result = ::Security::Orchestration::AssignService.new(project, nil, policy_project_id: policy_project_params[:policy_project_id]).execute
+
+ if result.success?
+ flash[:notice] = _('Successfull')
+ else
+ flash[:alert] = result.message
+ end
+
+ redirect_to project_security_policy_url(project)
+ end
+
+ private
+
+ def check_permissions!
+ render_404 unless Feature.enabled?(:security_orchestration_policies_configuration, project) && can?(current_user, :security_orchestration_policies, project)
+ end
+
+ def policy_project_params
+ params.require(:orchestration).permit(:policy_project_id)
 end
 end
 end
diff --git a/ee/app/services/security/orchestration/assign_service.rb b/ee/app/services/security/orchestration/assign_service.rb
index a1e094e60dc3ef7fd95adf2c9ec1f879ca8675a4..387b7cb1c4ab69144a0b6b1f55844f47af66a224 100644
--- a/ee/app/services/security/orchestration/assign_service.rb
+++ b/ee/app/services/security/orchestration/assign_service.rb
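Review bot: In `PoliciesController#assign` the submitted `policy_project_id` is handed to `AssignService` with `nil` as the acting user, so the only authorization applied is `check_permissions!` on the project being configured. Nothing visible in this hunk verifies that `current_user` may access the project being linked, and the service body lies outside it, so a user may be able to link a project they cannot read; the project dropdown in `show.html.haml` narrows the choice only in the browser. I would pass the user through, `::Security::Orchestration::AssignService.new(project, current_user, policy_project_id: ...)`, and refuse the request unless a check such as `can?(current_user, :read_project, policy_project)` passes, with the exact ability left to the feature owners. The request spec in `policies_controller_spec.rb` would then need to grant the user access to `policy_project`.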
@@ -9,9 +9,9 @@ def execute
 return success if res
 rescue ActiveRecord::RecordNotFound => _
- error('Policy project doesn\'t exists')
+ error(_('Policy project doesn\'t exists'))
 rescue ActiveRecord::RecordInvalid => _
- error('Couldn\'t assign policy to project')
+ error(_('Couldn\'t assign policy to project'))
 end
 private
diff --git a/ee/app/views/projects/security/policies/show.html.haml b/ee/app/views/projects/security/policies/show.html.haml
index 312dad6b4566b6a930a067fbf81fc2ea8e60372b..4ea897e2bb796dff978195f8e9f0bea4a14e2b3d 100644
--- a/ee/app/views/projects/security/policies/show.html.haml
+++ b/ee/app/views/projects/security/policies/show.html.haml
@@ -6,8 +6,8 @@
 %h4
 = s_('SecurityOrchestration|Security policy project')
 %p
- = project_select_tag('orchestration[management_project_id]', class: 'hidden-filter-value', toggle_class: 'js-project-search js-project-filter js-filter-submit', dropdown_class: 'dropdown-menu-selectable dropdown-menu-project js-filter-submit',
- placeholder: _('Select project'), idAttribute: 'id', data: { order_by: 'last_activity_at', idattribute: 'id', simple_filter: true, allow_clear: true, include_groups: false, include_projects_in_subgroups: true, user_id: current_user.id }, value: 123)
+ = project_select_tag('orchestration[policy_project_id]', class: 'hidden-filter-value', toggle_class: 'js-project-search js-project-filter js-filter-submit', dropdown_class: 'dropdown-menu-selectable dropdown-menu-project js-filter-submit',
+ placeholder: _('Select project'), idAttribute: 'id', data: { order_by: 'last_activity_at', idattribute: 'id', simple_filter: true, allow_clear: true, include_groups: false, include_projects_in_subgroups: true, user_id: current_user.id }, value: @assigned_policy_id)
 .text-muted
 = html_escape(s_('SecurityOrchestration|A security policy project can be used enforce policies for a given project, group, or instance. It allows you to speficy security policies that are important to you and enforce them with every commit.')) % { code_open: '<code>'.html_safe, code_close: '</code>'.html_safe }
 = link_to _('More information'), help_page_path('user/project/clusters/protect/container_network_security/quick_start_guide'), target: '_blank'
diff --git a/ee/spec/helpers/projects_helper_spec.rb b/ee/spec/helpers/projects_helper_spec.rb
index b49bc17352eb622d531e4f24349e5befab70e6d0..9e89b489ac91533efea2367c5f7cdd301e6e2c22 100644
--- a/ee/spec/helpers/projects_helper_spec.rb
+++ b/ee/spec/helpers/projects_helper_spec.rb
@@ -229,6 +229,7 @@
 projects/threat_monitoring#new
 projects/threat_monitoring#edit
 projects/threat_monitoring#alert_details
+ projects/security/policies#show
 projects/audit_events#index
 ]
 end
diff --git a/ee/spec/requests/projects/security/policies_controller_spec.rb b/ee/spec/requests/projects/security/policies_controller_spec.rb
index 6e9515b86db7c1b7811e4d874016aa97a914ccbd..c3ecbf7b637c61859f9c95e69a92541adf931e08 100644
--- a/ee/spec/requests/projects/security/policies_controller_spec.rb
+++ b/ee/spec/requests/projects/security/policies_controller_spec.rb
@@ -36,4 +36,26 @@
 end
 end
 end
+
+ context 'assign action' do
+ let_it_be(:policy_project, reload: true) { create(:project) }
+
+ before do
+ stub_feature_flags(security_orchestration_policies_configuration: true)
+ stub_licensed_features(security_orchestration_policies: true)
+ end
+
+ it 'assigns policy project to project' do
+ post assign_project_security_policy_url(project), params: { orchestration: { policy_project_id: policy_project.id } }
+
+ expect(response).to redirect_to(project_security_policy_url(project))
+ expect(project.security_orchestration_policy_configuration.security_policy_management_project_id).to eq(policy_project.id)
+ end
+
+ it 'returns error message for invalid input' do
+ post assign_project_security_policy_url(project), params: { orchestration: { policy_project_id: nil } }
+
+ expect(flash[:alert]).to eq 'Policy project doesn\'t exists'
+ end
+ end
 end
diff --git a/ee/spec/services/security/orchestration/assign_service_spec.rb b/ee/spec/services/security/orchestration/assign_service_spec.rb
index f1f4f35b404e5ab25319e28f7d3f53d8f1511956..e3d60351a693dd53f9e179da11ccac1733e42285 100644
--- a/ee/spec/services/security/orchestration/assign_service_spec.rb
+++ b/ee/spec/services/security/orchestration/assign_service_spec.rb
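Review bot: The new `assign action` examples in `policies_controller_spec.rb` exercise only the permitted path, so nothing pins that `check_permissions!`, which this commit moves into the controller's `before_action`, actually guards the state-changing POST. A case with the feature flag disabled, and a matching one with `stub_licensed_features(security_orchestration_policies: false)`, should expect a 404 and no configuration record. A further case where the user has no access to `policy_project` would document the intended behaviour for that input. The sign-in and `project` setup sit outside this hunk, so the sketch below assumes the outer `before` already authenticates a permitted user.

```ruby
# … unchanged: inside context 'assign action', after the existing examples …
context 'when the feature flag is disabled' do
  before do
    stub_feature_flags(security_orchestration_policies_configuration: false)
  end

  it 'returns 404 and leaves the project unassigned' do
    post assign_project_security_policy_url(project), params: { orchestration: { policy_project_id: policy_project.id } }

    expect(response).to have_gitlab_http_status(:not_found)
    expect(project.reload.security_orchestration_policy_configuration).to be_nil
  end
end
```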
@@ -29,7 +29,6 @@ service repeated_service = described_class.new(another_project, nil, policy_project_id: policy_project.id).execute - expect(repeated_service).to be_error end diff --git a/ee/spec/views/projects/security/policies/show.html.haml_spec.rb b/ee/spec/views/projects/security/policies/show.html.haml_spec.rb index 18ef7a23b7ab9bbba0367faaa43b109b9a50f4e1..4abfb9dfc000989ed018b25f68166ee2d0674cb3 100644 --- a/ee/spec/views/projects/security/policies/show.html.haml_spec.rb +++ b/ee/spec/views/projects/security/policies/show.html.haml_spec.rb @@ -17,7 +17,7 @@ it 'renders the default state' do expect(rendered).to have_selector('h2') expect(rendered).to have_selector('h4') - expect(response).to have_css('input[id=orchestration_management_project_id]', visible: false) + expect(response).to have_css('input[id=orchestration_policy_project_id]', visible: false) expect(rendered).to have_button('Save changes') end end diff --git a/locale/gitlab.pot b/locale/gitlab.pot index 04f3964ee0bb7ca0730365fe2a9173627585828c..e7661b48d8783f57bc2280159beb8d62708d91c3 100644 --- a/locale/gitlab.pot +++ b/locale/gitlab.pot @@ -8530,6 +8530,9 @@ msgstr "" msgid "Could not upload your designs as one or more files uploaded are not supported." msgstr "" +msgid "Couldn't assign policy to project" +msgstr "" + msgid "Country" msgstr "" @@ -22658,6 +22661,9 @@ msgstr "" msgid "Point to any links you like: documentation, built binaries, or other related materials. These can be internal or external links from your GitLab instance. Duplicate URLs are not allowed." msgstr "" +msgid "Policy project doesn't exists" +msgstr "" + msgid "Pre-defined push rules." msgstr "" @@ -28854,6 +28860,9 @@ msgstr "" msgid "Successful purchase image" msgstr "" +msgid "Successfull" +msgstr "" + msgid "Successfully activated" msgstr ""