Add integration test for policy dismissal audit events

What does this MR do and why?

This MR adds a comprehensive integration test for the policy dismissal audit event functionality that was implemented in !205857 (merged).

The test verifies the complete flow:

  1. Creating a security policy in warn mode
  2. Creating a merge request with policy violations
  3. Dismissing the policy violations
  4. Merging the MR
  5. Verifying that audit events are created correctly

Test Coverage

The integration test covers:

  • Happy path: When a merge request with dismissed policy violations is merged, an audit event is created
  • Edge case: When policy dismissals are not applicable for all violations, they are destroyed and no audit event is created
  • Negative case: When there are no policy dismissals, no audit events are created

Key Test Scenarios

1. Audit Event Creation

  • Verifies that when an MR with dismissed policies is merged, the policy dismissal status changes from open to preserved
  • Confirms that an audit event is created with the correct:
    • Author (the user who dismissed the policy)
    • Target (the security policy)
    • Message (includes MR reference)
    • Entity (the project)

2. Non-Applicable Dismissals

  • Tests the scenario where a dismissal doesn't cover all violation UUIDs
  • Verifies that such dismissals are destroyed during the merge process
  • Confirms no audit event is created for destroyed dismissals

3. No Dismissals

  • Ensures that MRs without policy dismissals don't trigger audit events

Implementation Details

The test uses:

  • Real security policy configuration setup
  • Actual merge request creation and merging
  • Background job processing (perform_enqueued_jobs)
  • Factory-created policy dismissals and violations
  • Proper feature flag and license stubbing

References

  • Related to: !205857 (merged) (original implementation)
  • Follows the validation steps from the original MR description
  • Tests the functionality described in #569628

How to set up and validate locally

  1. Enable the feature flag: Feature.enable(:security_policy_approval_warn_mode)
  2. Run the test: bundle exec rspec ee/spec/features/merge_requests/policy_dismissal_audit_integration_spec.rb

The test should pass and verify all the audit event creation scenarios.

MR acceptance checklist

  • Test covers the main functionality
  • Test covers edge cases
  • Test uses proper factories and setup
  • Test includes proper assertions
  • Test follows GitLab testing conventions
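
Added example, not part of the MR or of GitLab's code base: a simplified in-memory Ruby model of the three scenarios listed under Key Test Scenarios, showing which dismissals end up preserved with an audit event and which are destroyed without one. All struct, method and field names, the sample data and the message wording are hypothetical; the applicability rule (a dismissal must cover every violation UUID) is taken from the description above.

```ruby
# Added illustration: a simplified in-memory model, not GitLab's implementation.
# All struct, method and field names here are hypothetical.
Dismissal  = Struct.new(:policy, :user, :dismissed_uuids, :status)
AuditEvent = Struct.new(:author, :target, :entity, :message)

# Assumption: a dismissal is applicable when it covers every violation UUID
# recorded for its policy on the merge request.
def applicable?(dismissal, violation_uuids)
  (violation_uuids.fetch(dismissal.policy, []) - dismissal.dismissed_uuids).empty?
end

# Models the merge step: applicable dismissals move from :open to :preserved
# and produce one audit event each; the rest are destroyed without an event.
def process_on_merge(project:, mr_ref:, violation_uuids:, dismissals:)
  preserved, destroyed = dismissals.partition { |d| applicable?(d, violation_uuids) }
  events = preserved.map do |d|
    d.status = :preserved
    AuditEvent.new(d.user, d.policy, project,
                   "Policy #{d.policy} violations dismissed in #{mr_ref}")
  end
  { preserved: preserved, destroyed: destroyed, events: events }
end

# Constructed sample data covering the three scenarios from the description.
def run_scenarios
  violations = { "warn-policy" => %w[uuid-1 uuid-2] }
  full    = Dismissal.new("warn-policy", "alice", %w[uuid-1 uuid-2], :open)
  partial = Dismissal.new("warn-policy", "bob", %w[uuid-1], :open)
  args = { project: "group/project", mr_ref: "!1", violation_uuids: violations }
  {
    happy:   process_on_merge(**args, dismissals: [full]),
    partial: process_on_merge(**args, dismissals: [partial]),
    none:    process_on_merge(**args, dismissals: [])
  }
end

if __FILE__ == $PROGRAM_NAME
  run_scenarios.each do |name, result|
    puts "#{name}: preserved=#{result[:preserved].size} " \
         "destroyed=#{result[:destroyed].size} audit_events=#{result[:events].size}"
  end
end
```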
