Split CI/CD-related infrastructure into its own model

AGENTS.md

@@ -54,6 +54,7 @@ Modules in various stages of reorganization:
 |--------|-----------|-------------|-----|------|--------|
 | **url** | In module | N/A | Done | Done | **Complete** |
 | **location** | In module | N/A | N/A | Done | **Complete** |
+| **cicd_infrastructure** | In module | N/A | Done | Done | **Complete** |
 | **product_type** | In dojo/models.py | Missing | Partial (views at root) | In dojo/api_v2/ | Needs work |
 | **test** | In dojo/models.py | Missing | Partial (views at root) | In dojo/api_v2/ | Needs work |
 | **engagement** | In dojo/models.py | Partial (32 lines) | Partial (views at root) | In dojo/api_v2/ | Needs work |

dojo/authorization/api_permissions.py

@@ -19,6 +19,7 @@
 from dojo.importers.auto_create_context import AutoCreateContextManager
 from dojo.location.models import Location
 from dojo.models import (
+    CICDInfrastructure,
     Development_Environment,
     Endpoint,
     Engagement,
@@ -919,6 +920,18 @@ class UserHasRegulationPermission(BaseDjangoModelPermission):
     }
 
 
+class UserHasCICDInfrastructurePermission(BaseDjangoModelPermission):
+    django_model = CICDInfrastructure
+    # Reads are open to any authenticated user (engagement views surface CICD
+    # references and need to render them). Writes require elevated privileges.
+    request_method_permission_map = {
+        "POST": "add",
+        "PUT": "change",
+        "PATCH": "change",
+        "DELETE": "delete",
+    }
+
+
 def raise_no_auto_create_import_validation_error(
     test_title,
     scan_type,

dojo/cicd_infrastructure/__init__.py

@@ -0,0 +1 @@
+import dojo.cicd_infrastructure.admin  # noqa: F401

dojo/cicd_infrastructure/admin.py

@@ -0,0 +1,9 @@
+from django.contrib import admin
+
+from dojo.cicd_infrastructure.models import CICDInfrastructure
+
+
+@admin.register(CICDInfrastructure)
+class CICDInfrastructureAdmin(admin.ModelAdmin):
+
+    """Admin support for the CICDInfrastructure model."""

dojo/cicd_infrastructure/api/serializers.py

@@ -0,0 +1,16 @@
+from rest_framework import serializers
+
+from dojo.models import CICDInfrastructure
+
+
+class CICDInfrastructureSerializer(serializers.ModelSerializer):
+    class Meta:
+        model = CICDInfrastructure
+        fields = "__all__"
+
+    def get_fields(self):
+        fields = super().get_fields()
+        if self.instance is not None:
+            # Disallow editing of infra type on an instance; see the matching comment on CICDInfrastructure#save()
+            fields["infrastructure_type"].read_only = True
+        return fields

dojo/cicd_infrastructure/api/urls.py

@@ -0,0 +1,6 @@
+from dojo.cicd_infrastructure.api.views import CICDInfrastructureViewSet
+
+
+def add_cicd_infrastructure_urls(router):
+    router.register(r"cicd_infrastructure", CICDInfrastructureViewSet, basename="cicd_infrastructure")
+    return router

dojo/cicd_infrastructure/api/views.py

@@ -0,0 +1,21 @@
+from django_filters.rest_framework import DjangoFilterBackend
+from rest_framework.permissions import IsAuthenticated
+
+from dojo.api_v2.views import DojoModelViewSet
+from dojo.authorization import api_permissions as permissions
+from dojo.cicd_infrastructure.api.serializers import CICDInfrastructureSerializer
+from dojo.models import CICDInfrastructure
+
+
+# Authorization: read open to authenticated users; write requires configuration permission.
+class CICDInfrastructureViewSet(
+    DojoModelViewSet,
+):
+    serializer_class = CICDInfrastructureSerializer
+    queryset = CICDInfrastructure.objects.none()
+    filter_backends = (DjangoFilterBackend,)
+    filterset_fields = ["id", "name", "infrastructure_type"]
+    permission_classes = (IsAuthenticated, permissions.UserHasCICDInfrastructurePermission)
+
+    def get_queryset(self):
+        return CICDInfrastructure.objects.all().order_by("id")

dojo/cicd_infrastructure/models.py

@@ -0,0 +1,35 @@
+from django.core.exceptions import ValidationError
+from django.db import models
+from django.utils.translation import gettext as _
+
+
+class CICDInfrastructure(models.Model):
+    INFRASTRUCTURE_TYPE_CHOICES = (
+        ("scm_server", "SCM Server"),
+        ("build_server", "Build Server"),
+        ("orchestration", "Orchestration Engine"),
+    )
+
+    name = models.CharField(max_length=200)
+    description = models.CharField(max_length=2000, blank=True, default="")
+    url = models.URLField(max_length=2000, blank=True, default="", help_text=_("Public URL of the tool (e.g., https://jenkins.company.com)"))
+    infrastructure_type = models.CharField(max_length=30, choices=INFRASTRUCTURE_TYPE_CHOICES)
+
+    class Meta:
+        ordering = ["name"]
+        unique_together = [("name", "infrastructure_type")]
+
+    def __str__(self):
+        return self.name
+
+    def save(self, *args, **kwargs):
+        if self.pk:
+            # Disallow editing of the infra type on an instance; engagement CICD FKs are scoped by infrastructure_type
+            # via limit_choices_to (build_server/scm_server/orchestration), so changing the type would create a
+            # semantic conflict between an engagement and this object.
+            current_type = type(self).objects.filter(pk=self.pk).values_list("infrastructure_type", flat=True).first()
+            if current_type is not None and current_type != self.infrastructure_type:
+                raise ValidationError(
+                    {"infrastructure_type": _("infrastructure_type cannot be changed once set.")},
+                )
+        super().save(*args, **kwargs)

dojo/cicd_infrastructure/ui/forms.py

@@ -0,0 +1,15 @@
+from django import forms
+
+from dojo.models import CICDInfrastructure
+
+
+class CICDInfrastructureForm(forms.ModelForm):
+    class Meta:
+        model = CICDInfrastructure
+        fields = ["name", "description", "url", "infrastructure_type"]
+
+    def __init__(self, *args, **kwargs):
+        super().__init__(*args, **kwargs)
+        if self.instance.pk:
+            # Disallow editing of infra type on an instance; see the matching comment on CICDInfrastructure#save()
+            self.fields["infrastructure_type"].disabled = True

dojo/cicd_infrastructure/ui/urls.py

@@ -0,0 +1,10 @@
+from django.urls import re_path
+
+from dojo.cicd_infrastructure.ui import views
+
+urlpatterns = [
+    re_path(r"^cicd_infrastructure/add$", views.new_cicd_infrastructure, name="add_cicd_infrastructure"),
+    re_path(r"^cicd_infrastructure/(?P<ciid>\d+)/edit$", views.edit_cicd_infrastructure, name="edit_cicd_infrastructure"),
+    re_path(r"^cicd_infrastructure/(?P<ciid>\d+)/delete$", views.delete_cicd_infrastructure, name="delete_cicd_infrastructure"),
+    re_path(r"^cicd_infrastructure$", views.cicd_infrastructure, name="cicd_infrastructure"),
+]

dojo/cicd_infrastructure/ui/views.py

@@ -0,0 +1,66 @@
+import logging
+
+from django.contrib import messages
+from django.http import HttpResponseRedirect
+from django.shortcuts import get_object_or_404, render
+from django.urls import reverse
+from django.utils.translation import gettext as _
+
+from dojo.authorization.authorization import user_has_configuration_permission_or_403
+from dojo.cicd_infrastructure.ui.forms import CICDInfrastructureForm
+from dojo.models import CICDInfrastructure
+from dojo.utils import add_breadcrumb
+
+logger = logging.getLogger(__name__)
+
+
+def cicd_infrastructure(request):
+    confs = CICDInfrastructure.objects.all().order_by("name")
+    add_breadcrumb(title=_("CI/CD Infrastructure List"), top_level=not len(request.GET), request=request)
+    return render(request, "dojo/cicd_infrastructure.html", {"confs": confs})
+
+
+def new_cicd_infrastructure(request):
+    user_has_configuration_permission_or_403(request.user, "dojo.add_cicdinfrastructure")
+    if request.method == "POST":
+        form = CICDInfrastructureForm(request.POST)
+        if form.is_valid():
+            form.save()
+            messages.add_message(request, messages.SUCCESS,
+                                 _("CI/CD Infrastructure successfully created."),
+                                 extra_tags="alert-success")
+            return HttpResponseRedirect(reverse("cicd_infrastructure"))
+    else:
+        form = CICDInfrastructureForm()
+        add_breadcrumb(title=_("New CI/CD Infrastructure"), top_level=False, request=request)
+    return render(request, "dojo/new_cicd_infrastructure.html", {"form": form})
+
+
+def edit_cicd_infrastructure(request, ciid):
+    user_has_configuration_permission_or_403(request.user, "dojo.change_cicdinfrastructure")
+    conf = get_object_or_404(CICDInfrastructure, pk=ciid)
+    if request.method == "POST":
+        form = CICDInfrastructureForm(request.POST, instance=conf)
+        if form.is_valid():
+            form.save()
+            messages.add_message(request, messages.SUCCESS,
+                                 _("CI/CD Infrastructure successfully updated."),
+                                 extra_tags="alert-success")
+            return HttpResponseRedirect(reverse("cicd_infrastructure"))
+    else:
+        form = CICDInfrastructureForm(instance=conf)
+    add_breadcrumb(title=_("Edit CI/CD Infrastructure"), top_level=False, request=request)
+    return render(request, "dojo/edit_cicd_infrastructure.html", {"form": form, "conf": conf})
+
+
+def delete_cicd_infrastructure(request, ciid):
+    user_has_configuration_permission_or_403(request.user, "dojo.delete_cicdinfrastructure")
+    conf = get_object_or_404(CICDInfrastructure, pk=ciid)
+    if request.method == "POST":
+        conf.delete()
+        messages.add_message(request, messages.SUCCESS,
+                             _("CI/CD Infrastructure successfully deleted."),
+                             extra_tags="alert-success")
+        return HttpResponseRedirect(reverse("cicd_infrastructure"))
+    add_breadcrumb(title=_("Delete CI/CD Infrastructure"), top_level=False, request=request)
+    return render(request, "dojo/delete_cicd_infrastructure.html", {"conf": conf})