diff --git a/ee/app/controllers/ee/projects/security/configuration_controller.rb b/ee/app/controllers/ee/projects/security/configuration_controller.rb
index f866e8f97fd11fb66428507862af1821a6510092..74d38252dc471d21873b2220a2162b864306874a 100644
--- a/ee/app/controllers/ee/projects/security/configuration_controller.rb
+++ b/ee/app/controllers/ee/projects/security/configuration_controller.rb
@@ -47,11 +47,13 @@ def show
 # rubocop:enable Gitlab/ModuleWithInstanceVariables
 def auto_fix
- service = ::Security::Configuration::SaveAutoFixService.new(project, auto_fix_params[:feature])
+ service = ::Security::Configuration::SaveAutoFixService
+ .new(project, auto_fix_params[:feature])
+ .execute(enabled: auto_fix_params[:enabled])
- return respond_422 unless service.execute(enabled: auto_fix_params[:enabled])
+ return respond_422 unless service.success?
- render status: :ok, json: auto_fix_settings
+ render status: :ok, json: service.payload
 end
 private
@@ -77,15 +79,6 @@ def check_feature_flag!
 render_404 if ::Feature.disabled?(:security_auto_fix, project)
 end
- def auto_fix_settings
- setting = project.security_setting
- {
- dependency_scanning: setting.auto_fix_dependency_scanning,
- container_scanning: setting.auto_fix_container_scanning
- }
- end
-
 def security_dashboard_feature_enabled?
 vulnerable.feature_available?(:security_dashboard)
 end
diff --git a/ee/app/services/security/configuration/save_auto_fix_service.rb b/ee/app/services/security/configuration/save_auto_fix_service.rb
index eb8d69dd70029acec23b5816a427b1ab2176ef25..11e3e803b9093f812c1b7e1de6d79a75eb6813e8 100644
--- a/ee/app/services/security/configuration/save_auto_fix_service.rb
+++ b/ee/app/services/security/configuration/save_auto_fix_service.rb
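Review bot: After this change the local `service` in `auto_fix` no longer holds the service object but the `ServiceResponse` returned by `execute`, so `service.success?` and `service.payload` read as if the service itself exposed them; naming it `result` (`result = ::Security::Configuration::SaveAutoFixService`, `return respond_422 unless result.success?`, `render status: :ok, json: result.payload`) makes the controller say what it is inspecting. The 422 path also discards `result.message`, so a client cannot tell an unsupported `feature` from a project without a security setting or a rejected update; if this endpoint is allowed to return a body on failure, `render status: :unprocessable_entity, json: { message: result.message }` would surface the reason the service already computes. The second hunk is a pure removal of `auto_fix_settings`, now superseded by the service payload, and needs nothing further.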
@@ -13,15 +13,32 @@ def initialize(project, feature)
 end
 def execute(enabled:)
- return unless valid?
+ return error("Auto fix is not available for #{feature} feature") unless valid?
+ return error("Project has no security setting") unless setting
- project&.security_setting&.update(toggle_params(enabled))
+ if setting&.update(toggle_params(enabled))
+ success(updated_setting)
+ else
+ error('Error during updating the auto fix param')
+ end
 end
 private
 attr_reader :enabled, :feature, :project
+ def error(message)
+ ServiceResponse.error(message: message)
+ end
+
+ def setting
+ @setting ||= project&.security_setting
+ end
+
+ def success(payload)
+ ServiceResponse.success(payload: payload)
+ end
+
 def toggle_params(enabled)
 if feature == 'all'
 {
@@ -37,6 +54,13 @@ def toggle_params(enabled)
 end
 end
+ def updated_setting
+ {
+ container_scanning: setting.auto_fix_container_scanning,
+ dependency_scanning: setting.auto_fix_dependency_scanning
+ }
+ end
+
 def valid?
 SUPPORTED_SCANNERS.include?(feature)
 end
diff --git a/ee/spec/controllers/projects/security/configuration_controller_spec.rb b/ee/spec/controllers/projects/security/configuration_controller_spec.rb
index 30d12b6d1fbda64b67c7087d382232c8b9c34d9a..4ae4093687581e0bdbecedaaaf09f1d910114a13 100644
--- a/ee/spec/controllers/projects/security/configuration_controller_spec.rb
+++ b/ee/spec/controllers/projects/security/configuration_controller_spec.rb
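Review bot: The safe navigation in `if setting&.update(toggle_params(enabled))` is redundant: the guard on the line above already returns `error("Project has no security setting") unless setting`, so `setting` is non-nil at that point and `setting.update(...)` states the intent plainly. On the failure branch the fixed string `'Error during updating the auto fix param'` throws away whatever the model rejected; if `security_setting` is an ActiveRecord model (I cannot see its class from the hunk), `error(setting.errors.full_messages.to_sentence)` would keep the reason available to the controller and to any log line built from the response. The memoised `@setting ||= project&.security_setting` still tolerates a nil `project` while nothing else in `execute` does, so a one-line comment stating whether a nil project is a supported input or a leftover of the old `project&.security_setting&.update` form would help the next reader. In the second hunk `updated_setting` returns a hash of the two flags rather than a setting object; a name such as `auto_fix_payload` would match what `success(...)` receives.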
@@ -140,20 +140,13 @@ context 'with sufficient permissions' do
 let(:user) { maintainer }
- it 'shows auto fix disable for dependency scanning for json format' do
- get :show, params: { namespace_id: project.namespace, project_id: project, format: :json }
-
- expect(response).to have_gitlab_http_status(:ok)
- expect(json_response['auto_fix_enabled']).to include({ 'dependency_scanning' => false })
- end
-
 context 'with setup feature param' do
 let(:feature) { :dependency_scanning }
 it 'processes request and updates setting' do
 expect(response).to have_gitlab_http_status(:ok)
 expect(project.security_setting.reload.auto_fix_dependency_scanning).to be_falsey
- expect(response[:dependency_scanning]).to be_falsey
+ expect(json_response['dependency_scanning']).to be(false)
 end
 end
@@ -166,7 +159,8 @@
 expect(response).to have_gitlab_http_status(:ok)
 expect(setting.auto_fix_dependency_scanning).to be_falsey
 expect(setting.auto_fix_dast).to be_falsey
- expect(response[:container_scanning]).to be_falsey
+ expect(json_response['dependency_scanning']).to be(false)
+ expect(json_response['container_scanning']).to be(false)
 end
 end
diff --git a/ee/spec/services/security/configuration/save_auto_fix_service_spec.rb b/ee/spec/services/security/configuration/save_auto_fix_service_spec.rb
index 136937b5e1cea8cc3f2adc8f4d8ca18aa38275bf..e9be8853d2760ce0675b08bbb56ba3e8f47ec9ea 100644
--- a/ee/spec/services/security/configuration/save_auto_fix_service_spec.rb
+++ b/ee/spec/services/security/configuration/save_auto_fix_service_spec.rb
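Review bot: The first hunk drops the only example that exercised `get :show` with `format: :json` and checked `json_response['auto_fix_enabled']`, without a replacement; if `show` still serves a JSON view of the auto-fix flags that path is now untested, and if that view was removed in this change the commit description should say so. The rewritten expectations `expect(json_response['dependency_scanning']).to be(false)` are the right shape for the new `service.payload` rendering, whose symbol keys become string keys once serialised. Both examples still assert only the `false` values; assuming the shared request setup outside the hunk only sends `enabled: false`, an example sending `enabled: true` and asserting `be(true)` would cover the other half of the endpoint.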
@@ -6,16 +6,21 @@ describe '#execute' do
 let_it_be_with_reload(:project) { create(:project) }
- subject(:service) { described_class.new(project, feature) }
+ let(:service) { described_class.new(project, feature) }
- before do
- service.execute(enabled: false)
- end
+ subject(:response) { service.execute(enabled: false) }
 context 'with supported scanner type' do
 let(:feature) { 'dependency_scanning' }
+ it 'returns success status' do
+ expect(response).to be_success
+ expect(response.payload).to eq({ container_scanning: true, dependency_scanning: false })
+ end
+
 it 'changes setting' do
+ response
+
 expect(project.security_setting.auto_fix_dependency_scanning).to be_falsey
 end
 end
@@ -23,7 +28,13 @@ context 'with all scanners' do
 let(:feature) { 'all' }
+ it 'returns success status' do
+ expect(response).to be_success
+ end
+
 it 'changes setting' do
+ response
+
 expect(project.security_setting.auto_fix_dependency_scanning).to be_falsey
 expect(project.security_setting.auto_fix_container_scanning).to be_falsey
 end
@@ -33,7 +44,8 @@
 let(:feature) { :dep_scan }
 it 'does not change setting' do
- expect(project.security_setting.auto_fix_dependency_scanning).to be_truthy
+ expect(response).to be_error
+ expect(response.message).to eq('Auto fix is not available for dep_scan feature')
 end
 end
 end
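Review bot: In the last hunk the example `it 'does not change setting'` no longer checks the setting: its only assertions are now `expect(response).to be_error` and the message, so a regression in which an unsupported feature is reported as an error but `toggle_params` still runs would pass. Keep the removed line `expect(project.security_setting.auto_fix_dependency_scanning).to be_truthy` alongside the two new expectations, or rename the example to describe what it now asserts. In the first hunk `eq({ container_scanning: true, dependency_scanning: false })` pins the untouched `container_scanning` flag to whatever the project factory defaults it to, which is outside this service; asserting `dependency_scanning: false` with `include` or reading the expected value from `project.security_setting` would keep the example tied to the behaviour under test.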