From 3dd33e1d5cacbc08bd6b3496221d1c517a357d4f Mon Sep 17 00:00:00 2001
From: Zamir Martins Filho <zfilho@gitlab.com>
Date: Tue, 8 Feb 2022 15:01:54 -0500
Subject: [PATCH 1/5] Add policy action builder into scan result policy

page. There is another MR in parallel to this one
dealing with policy rules. This is applicable to
both new and existing policies.

EE: true
---
 .../approver_deletable_avatar.vue             |  30 ++++
 .../scan_result_policy/lib/actions.js         |  52 ++++++
 .../policy_action_builder.vue                 | 146 +++++++++++++++++
 .../scan_result_policy_editor.vue             |  14 ++
 .../approver_deletable_avatar_spec.js         |  87 ++++++++++
 .../scan_result_policy/lib/actions_spec.js    | 148 ++++++++++++++++++
 .../policy_action_builder_spec.js             |  98 ++++++++++++
 .../scan_result_policy_editor_spec.js         |  28 +++-
 locale/gitlab.pot                             |   6 +
 9 files changed, 608 insertions(+), 1 deletion(-)
 create mode 100644 ee/app/assets/javascripts/threat_monitoring/components/policy_editor/approver_deletable_avatar.vue
 create mode 100644 ee/app/assets/javascripts/threat_monitoring/components/policy_editor/scan_result_policy/lib/actions.js
 create mode 100644 ee/app/assets/javascripts/threat_monitoring/components/policy_editor/scan_result_policy/policy_action_builder.vue
 create mode 100644 ee/spec/frontend/threat_monitoring/components/policy_editor/approver_deletable_avatar_spec.js
 create mode 100644 ee/spec/frontend/threat_monitoring/components/policy_editor/scan_result_policy/lib/actions_spec.js
 create mode 100644 ee/spec/frontend/threat_monitoring/components/policy_editor/scan_result_policy/policy_action_builder_spec.js

diff --git a/ee/app/assets/javascripts/threat_monitoring/components/policy_editor/approver_deletable_avatar.vue b/ee/app/assets/javascripts/threat_monitoring/components/policy_editor/approver_deletable_avatar.vue
new file mode 100644
index 00000000000000..8b8715f91fdd9b
--- /dev/null
+++ b/ee/app/assets/javascripts/threat_monitoring/components/policy_editor/approver_deletable_avatar.vue
@@ -0,0 +1,30 @@
+<script>
+import ApproversListItem from 'ee/approvals/components/approvers_list_item.vue';
+
+export default {
+  extends: ApproversListItem,
+};
+</script>
+
+<template>
+  <div
+    class="gl-bg-gray-100 gl-border-1 gl-border-gray-100 gl-rounded-base px-1 pt-1 gl-relative gl-pb-1 gl-display-inline-flex"
+  >
+    <gl-avatar-labeled
+      :shape="avatarShape"
+      :src="approver.avatar_url"
+      :size="24"
+      :label="displayName"
+      :entity-name="approver.name"
+      :alt="approver.name"
+    />
+    <gl-button
+      :aria-label="$options.i18n.removeApproverText"
+      class="gl-ml-2"
+      variant="link"
+      data-testid="remove-rule"
+      icon="close"
+      @click="$emit('input', approver)"
+    />
+  </div>
+</template>
diff --git a/ee/app/assets/javascripts/threat_monitoring/components/policy_editor/scan_result_policy/lib/actions.js b/ee/app/assets/javascripts/threat_monitoring/components/policy_editor/scan_result_policy/lib/actions.js
new file mode 100644
index 00000000000000..7086ab79dfb644
--- /dev/null
+++ b/ee/app/assets/javascripts/threat_monitoring/components/policy_editor/scan_result_policy/lib/actions.js
@@ -0,0 +1,52 @@
+const USER_TYPE = 'user';
+const GROUP_TYPE = 'group';
+
+/*
+  Return the ids for all approvers of the group type.
+*/
+export function groupIds(approvers) {
+  return approvers
+    .filter((approver) => approver.type === GROUP_TYPE)
+    .map((approver) => approver.id);
+}
+
+/*
+  Return the ids for all approvers of the user type.
+*/
+export function userIds(approvers) {
+  return approvers.filter((approver) => approver.type === USER_TYPE).map((approver) => approver.id);
+}
+
+/*
+  Group existing approvers into a single array.
+*/
+export function groupApprovers(existingApprovers) {
+  const approvers = [...existingApprovers];
+  const userUniqKeys = ['state', 'username'];
+  const groupUniqKeys = ['full_name', 'full_path'];
+
+  return approvers.map((approver) => {
+    const approverKeys = Object.keys(approver);
+
+    if (approverKeys.includes(...groupUniqKeys)) {
+      return { ...approver, type: GROUP_TYPE };
+    } else if (approverKeys.includes(...userUniqKeys)) {
+      return { ...approver, type: USER_TYPE };
+    }
+    return approver;
+  });
+}
+
+/*
+  Convert approvers into yaml fields (user_approvers, users_approvers_ids) in relation to action.
+*/
+export function decomposeApprovers(action, approvers) {
+  const newAction = { ...action };
+  delete newAction.group_approvers;
+  delete newAction.user_approvers;
+  return {
+    ...newAction,
+    user_approvers_ids: userIds(approvers),
+    group_approvers_ids: groupIds(approvers),
+  };
+}
diff --git a/ee/app/assets/javascripts/threat_monitoring/components/policy_editor/scan_result_policy/policy_action_builder.vue b/ee/app/assets/javascripts/threat_monitoring/components/policy_editor/scan_result_policy/policy_action_builder.vue
new file mode 100644
index 00000000000000..8162bb5f62541e
--- /dev/null
+++ b/ee/app/assets/javascripts/threat_monitoring/components/policy_editor/scan_result_policy/policy_action_builder.vue
@@ -0,0 +1,146 @@
+<script>
+import { GlSprintf, GlForm, GlButton, GlFormInput, GlModalDirective, GlModal } from '@gitlab/ui';
+import { s__ } from '~/locale';
+import ApproversSelect from 'ee/approvals/components/approvers_select.vue';
+import ApproversList from 'ee/approvals/components/approvers_list.vue';
+import ApproverDeletableAvatar from '../approver_deletable_avatar.vue';
+import { groupApprovers, decomposeApprovers, groupIds, userIds } from './lib/actions';
+
+export default {
+  components: {
+    GlSprintf,
+    GlForm,
+    GlButton,
+    GlFormInput,
+    ApproversSelect,
+    GlModal,
+    ApproversList,
+    ApproverDeletableAvatar,
+  },
+  directives: {
+    GlModalDirective,
+  },
+  inject: ['projectId'],
+  props: {
+    initAction: {
+      type: Object,
+      required: true,
+    },
+    existingApprovers: {
+      type: Array,
+      required: true,
+    },
+  },
+  data() {
+    return {
+      action: { ...this.initAction },
+      approversToAdd: [],
+      approvers: groupApprovers(this.existingApprovers),
+    };
+  },
+  computed: {
+    sprintfTemplate() {
+      return s__(
+        'ScanResultPolicy|%{thenLabelStart}Then%{thenLabelEnd} Require approval from %{approvalsRequired} of the following approvers: %{approvers}',
+      );
+    },
+    groupIds() {
+      return groupIds(this.approvers);
+    },
+    userIds() {
+      return userIds(this.approvers);
+    },
+  },
+  watch: {
+    approversToAdd(approvers) {
+      this.approvers.push(...approvers);
+    },
+    approvers(values) {
+      this.action = decomposeApprovers(this.action, values);
+    },
+    action: {
+      handler(values) {
+        this.$emit('changed', values);
+      },
+      deep: true,
+    },
+  },
+  methods: {
+    approvalsRequiredChanged(value) {
+      this.action.approvals_required = parseInt(value, 10);
+    },
+    removeApprover(removedApprover) {
+      this.approvers = this.approvers.filter(
+        (approver) => approver.type !== removedApprover.type || approver.id !== removedApprover.id,
+      );
+    },
+  },
+  i18n: {
+    addAnApprover: s__('ScanResultPolicy|add an approver'),
+  },
+};
+</script>
+
+<template>
+  <div
+    class="gl-bg-gray-10 gl-border-solid gl-border-1 gl-border-gray-100 gl-rounded-base px-3 pt-3 gl-relative gl-pb-4"
+  >
+    <gl-form inline @submit.prevent>
+      <gl-sprintf :message="sprintfTemplate">
+        <template #thenLabel="{ content }">
+          <label for="approvalRequired" class="text-uppercase gl-font-lg gl-mr-3">{{
+            content
+          }}</label>
+        </template>
+
+        <template #approvalsRequired>
+          <gl-form-input
+            :value="action.approvals_required"
+            type="number"
+            class="gl-w-11! gl-m-3"
+            :min="1"
+            data-testid="approvals-required-input"
+            @input="approvalsRequiredChanged"
+          />
+        </template>
+
+        <template #approvers>
+          <approver-deletable-avatar
+            v-for="approver in approvers"
+            :key="approver.type + approver.id"
+            class="gl-ml-3"
+            :approver="approver"
+            @input="removeApprover"
+          />
+          <gl-button
+            v-gl-modal-directive="'approvers-modal'"
+            class="gl-ml-3"
+            variant="link"
+            data-testid="add-approver"
+            icon="plus"
+          >
+            {{ $options.i18n.addAnApprover }}
+          </gl-button>
+
+          <gl-modal
+            modal-id="approvers-modal"
+            title="Add an approver"
+            size="sm"
+            :hide-footer="true"
+          >
+            <approvers-select
+              v-model="approversToAdd"
+              :project-id="projectId"
+              :skip-user-ids="userIds"
+              :skip-group-ids="groupIds"
+              data-testid="approvers-select"
+            />
+            <div class="bordered-box overflow-auto h-12em">
+              <approvers-list v-model="approvers" />
+            </div>
+          </gl-modal>
+        </template>
+      </gl-sprintf>
+    </gl-form>
+  </div>
+</template>
diff --git a/ee/app/assets/javascripts/threat_monitoring/components/policy_editor/scan_result_policy/scan_result_policy_editor.vue b/ee/app/assets/javascripts/threat_monitoring/components/policy_editor/scan_result_policy/scan_result_policy_editor.vue
index b5eb31e20efe53..f11806712d019b 100644
--- a/ee/app/assets/javascripts/threat_monitoring/components/policy_editor/scan_result_policy/scan_result_policy_editor.vue
+++ b/ee/app/assets/javascripts/threat_monitoring/components/policy_editor/scan_result_policy/scan_result_policy_editor.vue
@@ -19,6 +19,7 @@ import {
 import PolicyEditorLayout from '../policy_editor_layout.vue';
 import { assignSecurityPolicyProject, modifyPolicy } from '../utils';
 import DimDisableContainer from '../dim_disable_container.vue';
+import PolicyActionBuilder from './policy_action_builder.vue';
 import { DEFAULT_SCAN_RESULT_POLICY, fromYaml, toYaml } from './lib';
 
 export default {
@@ -49,6 +50,7 @@ export default {
     GlFormInput,
     GlFormTextarea,
     GlAlert,
+    PolicyActionBuilder,
     PolicyEditorLayout,
     DimDisableContainer,
   },
@@ -116,6 +118,9 @@ export default {
     },
   },
   methods: {
+    updateAction(actionIndex, values) {
+      this.policy.actions.splice(actionIndex, 1, values);
+    },
     handleError(error) {
       if (error.message.toLowerCase().includes('graphql')) {
         this.$emit('error', GRAPHQL_ERROR_MESSAGE);
@@ -264,6 +269,15 @@ export default {
         <template #disabled>
           <div :class="`${$options.SHARED_FOR_DISABLED} gl-p-6`"></div>
         </template>
+
+        <policy-action-builder
+          v-for="(action, index) in policy.actions"
+          :key="index"
+          class="gl-mb-4"
+          :init-action="action"
+          :existing-approvers="scanResultPolicyApprovers"
+          @changed="updateAction(index, $event)"
+        />
       </dim-disable-container>
     </template>
 
diff --git a/ee/spec/frontend/threat_monitoring/components/policy_editor/approver_deletable_avatar_spec.js b/ee/spec/frontend/threat_monitoring/components/policy_editor/approver_deletable_avatar_spec.js
new file mode 100644
index 00000000000000..e3a0b20acda386
--- /dev/null
+++ b/ee/spec/frontend/threat_monitoring/components/policy_editor/approver_deletable_avatar_spec.js
@@ -0,0 +1,87 @@
+import { GlButton, GlAvatarLabeled } from '@gitlab/ui';
+import { shallowMount } from '@vue/test-utils';
+import ApproverDeletableAvatar from 'ee/threat_monitoring/components/policy_editor/approver_deletable_avatar.vue';
+import { TYPE_USER, TYPE_GROUP } from 'ee/approvals/constants';
+
+const TEST_USER = {
+  id: 1,
+  type: TYPE_USER,
+  name: 'Lorem Ipsum',
+  avatar_url: '/asd/1',
+};
+const TEST_GROUP = {
+  id: 1,
+  type: TYPE_GROUP,
+  name: 'Lorem Group',
+  full_path: 'dolar/sit/amit',
+  avatar_url: '/asd/2',
+};
+
+describe('ApproverDeletableAvatar', () => {
+  let wrapper;
+
+  const factory = (options = {}) => {
+    wrapper = shallowMount(ApproverDeletableAvatar, {
+      ...options,
+    });
+  };
+
+  const findAvatar = () => wrapper.findComponent(GlAvatarLabeled);
+  const findRemoveButton = () => wrapper.findComponent(GlButton);
+
+  describe('when user', () => {
+    beforeEach(() => {
+      factory({
+        propsData: {
+          approver: TEST_USER,
+        },
+      });
+    });
+
+    it('renders GlAvatar for user', () => {
+      const avatar = findAvatar();
+      expect(avatar.exists()).toBe(true);
+      expect(avatar.attributes()).toMatchObject({
+        'entity-name': TEST_USER.name,
+        src: TEST_USER.avatar_url,
+        shape: 'circle',
+        alt: TEST_USER.name,
+      });
+      expect(avatar.props('label')).toBe(TEST_USER.name);
+    });
+
+    it('when remove clicked, emits remove', async () => {
+      await findRemoveButton().vm.$emit('click');
+
+      expect(wrapper.emitted().input).toEqual([[TEST_USER]]);
+    });
+  });
+
+  describe('when group', () => {
+    beforeEach(() => {
+      factory({
+        propsData: {
+          approver: TEST_GROUP,
+        },
+      });
+    });
+
+    it('renders ProjectAvatar for group', () => {
+      const avatar = findAvatar();
+      expect(avatar.exists()).toBe(true);
+      expect(avatar.attributes()).toMatchObject({
+        'entity-name': TEST_GROUP.name,
+        src: TEST_GROUP.avatar_url,
+        shape: 'rect',
+        alt: TEST_GROUP.name,
+      });
+      expect(avatar.props('label')).toBe(TEST_GROUP.full_path);
+    });
+
+    it('when remove clicked, emits remove', async () => {
+      await findRemoveButton().vm.$emit('click');
+
+      expect(wrapper.emitted().input).toEqual([[TEST_GROUP]]);
+    });
+  });
+});
diff --git a/ee/spec/frontend/threat_monitoring/components/policy_editor/scan_result_policy/lib/actions_spec.js b/ee/spec/frontend/threat_monitoring/components/policy_editor/scan_result_policy/lib/actions_spec.js
new file mode 100644
index 00000000000000..26729159fce146
--- /dev/null
+++ b/ee/spec/frontend/threat_monitoring/components/policy_editor/scan_result_policy/lib/actions_spec.js
@@ -0,0 +1,148 @@
+import {
+  groupIds,
+  userIds,
+  groupApprovers,
+  decomposeApprovers,
+} from 'ee/threat_monitoring/components/policy_editor/scan_result_policy/lib/actions';
+
+// As returned by endpoints based on API::Entities::UserBasic
+const userApprover = {
+  id: 1,
+  name: null,
+  state: null,
+  username: null,
+  avatar_url: null,
+  web_url: null,
+};
+
+// As returned by endpoints based on API::Entities::PublicGroupDetails
+const groupApprover = {
+  id: 2,
+  name: null,
+  full_name: null,
+  full_path: null,
+  avatar_url: null,
+  web_url: null,
+};
+
+const unknownApprover = { id: 3, name: null };
+
+const allApprovers = [userApprover, groupApprover];
+
+const groupedApprovers = groupApprovers(allApprovers);
+
+describe('groupApprovers', () => {
+  describe('with mixed approvers', () => {
+    it('returns a copy of the input values with their proper type attribute', () => {
+      expect(groupApprovers(allApprovers)).toStrictEqual([
+        {
+          avatar_url: null,
+          id: userApprover.id,
+          name: null,
+          state: null,
+          type: 'user',
+          username: null,
+          web_url: null,
+        },
+        {
+          avatar_url: null,
+          full_name: null,
+          full_path: null,
+          id: groupApprover.id,
+          name: null,
+          type: 'group',
+          web_url: null,
+        },
+      ]);
+    });
+
+    it('sets types depending on whether the approver is a group or a user', () => {
+      const approvers = groupApprovers(allApprovers);
+      expect(approvers.find((approver) => approver.id === userApprover.id)).toEqual(
+        expect.objectContaining({ type: 'user' }),
+      );
+      expect(approvers.find((approver) => approver.id === groupApprover.id)).toEqual(
+        expect.objectContaining({ type: 'group' }),
+      );
+    });
+  });
+
+  it('sets group as a type for group related approvers', () => {
+    expect(groupApprovers([groupApprover])).toStrictEqual([
+      {
+        avatar_url: null,
+        full_name: null,
+        full_path: null,
+        id: groupApprover.id,
+        name: null,
+        type: 'group',
+        web_url: null,
+      },
+    ]);
+  });
+
+  it('sets user as a type for user related approvers', () => {
+    expect(groupApprovers([userApprover])).toStrictEqual([
+      {
+        avatar_url: null,
+        id: userApprover.id,
+        name: null,
+        state: null,
+        type: 'user',
+        username: null,
+        web_url: null,
+      },
+    ]);
+  });
+
+  it('does not set a type if neither group or user keys are present', () => {
+    expect(groupApprovers([unknownApprover])).toStrictEqual([
+      { id: unknownApprover.id, name: null },
+    ]);
+  });
+});
+
+describe('decomposeApprovers', () => {
+  it('returns a copy of approvers adding id fields for both group and users', () => {
+    expect(decomposeApprovers({}, groupedApprovers)).toStrictEqual({
+      group_approvers_ids: [groupApprover.id],
+      user_approvers_ids: [userApprover.id],
+    });
+  });
+
+  it('removes group_approvers and user_approvers keys only keeping the id fields', () => {
+    expect(
+      decomposeApprovers({ user_approvers: null, group_approvers: null }, groupedApprovers),
+    ).toStrictEqual({
+      group_approvers_ids: [groupApprover.id],
+      user_approvers_ids: [userApprover.id],
+    });
+  });
+
+  it('preserves any other keys in addition to the id fields', () => {
+    expect(decomposeApprovers({ existingKey: null }, groupedApprovers)).toStrictEqual({
+      group_approvers_ids: [groupApprover.id],
+      user_approvers_ids: [userApprover.id],
+      existingKey: null,
+    });
+  });
+
+  it('returns empty id fields if there is only unknown types', () => {
+    expect(decomposeApprovers({}, [unknownApprover])).toStrictEqual({
+      group_approvers_ids: [],
+      user_approvers_ids: [],
+    });
+  });
+});
+
+describe('userIds', () => {
+  it('returns only approver with type set to user', () => {
+    expect(userIds(groupedApprovers)).toStrictEqual([userApprover.id]);
+  });
+});
+
+describe('groupIds', () => {
+  it('returns only approver with type set to group', () => {
+    expect(groupIds(groupedApprovers)).toStrictEqual([groupApprover.id]);
+  });
+});
diff --git a/ee/spec/frontend/threat_monitoring/components/policy_editor/scan_result_policy/policy_action_builder_spec.js b/ee/spec/frontend/threat_monitoring/components/policy_editor/scan_result_policy/policy_action_builder_spec.js
new file mode 100644
index 00000000000000..f77652422302f5
--- /dev/null
+++ b/ee/spec/frontend/threat_monitoring/components/policy_editor/scan_result_policy/policy_action_builder_spec.js
@@ -0,0 +1,98 @@
+import { GlFormInput } from '@gitlab/ui';
+import { mount } from '@vue/test-utils';
+import { nextTick } from 'vue';
+import ApproverDeletableAvatar from 'ee/threat_monitoring/components/policy_editor/approver_deletable_avatar.vue';
+import PolicyActionBuilder from 'ee/threat_monitoring/components/policy_editor/scan_result_policy/policy_action_builder.vue';
+
+const APPROVER_1 = {
+  id: 1,
+  name: 'name',
+  state: 'active',
+  username: 'username',
+  web_url: '',
+  avatar_url: '',
+};
+
+const APPROVER_2 = {
+  id: 2,
+  name: 'name2',
+  state: 'active',
+  username: 'username2',
+  web_url: '',
+  avatar_url: '',
+};
+
+const APPROVERS = [APPROVER_1, APPROVER_2];
+
+const APPROVERS_IDS = APPROVERS.map((approver) => approver.id);
+
+const ACTION = {
+  approvals_required: 1,
+  user_approvers_ids: APPROVERS_IDS,
+};
+
+describe('PolicyActionBuilder', () => {
+  let wrapper;
+
+  const factory = (propsData = {}) => {
+    wrapper = mount(PolicyActionBuilder, {
+      propsData: {
+        initAction: ACTION,
+        existingApprovers: APPROVERS,
+        ...propsData,
+      },
+      provide: {
+        projectId: '1',
+      },
+    });
+  };
+
+  const findApprovalsRequiredInput = () => wrapper.findComponent(GlFormInput);
+  const findAllDeletableAvatars = () => wrapper.findAllComponents(ApproverDeletableAvatar);
+  const findAddApproverBtn = () => wrapper.find('[data-testid="add-approver"]');
+
+  it('renders approvals required form input, the deletable avatars and add approver button', async () => {
+    factory();
+    await nextTick();
+
+    expect(findApprovalsRequiredInput().exists()).toBe(true);
+    expect(findAllDeletableAvatars().length).toBe(APPROVERS.length);
+    expect(findAddApproverBtn().exists()).toBe(true);
+  });
+
+  it('triggers an update when changing approvals required', async () => {
+    const newValue = ACTION.approvals_required + 1;
+    factory();
+    await nextTick();
+
+    const formInput = findApprovalsRequiredInput();
+
+    await formInput.vm.$emit('input', newValue);
+
+    expect(wrapper.emitted().changed).toEqual([
+      [{ approvals_required: newValue, user_approvers_ids: APPROVERS_IDS }],
+    ]);
+  });
+
+  it('removes one approver when triggering a deletable avatar', async () => {
+    factory();
+    await nextTick();
+    const alldeletableAvatars = findAllDeletableAvatars();
+    const deletableAvatar = alldeletableAvatars.at(0);
+
+    expect(alldeletableAvatars.length).toBe(APPROVERS.length);
+
+    await deletableAvatar.vm.$emit('input', { ...APPROVER_1, type: 'user' });
+
+    expect(wrapper.emitted().changed).toEqual([
+      [
+        {
+          approvals_required: ACTION.approvals_required,
+          user_approvers_ids: [APPROVER_2.id],
+          group_approvers_ids: [],
+        },
+      ],
+    ]);
+    expect(findAllDeletableAvatars()).toHaveLength(APPROVERS.length - 1);
+  });
+});
diff --git a/ee/spec/frontend/threat_monitoring/components/policy_editor/scan_result_policy/scan_result_policy_editor_spec.js b/ee/spec/frontend/threat_monitoring/components/policy_editor/scan_result_policy/scan_result_policy_editor_spec.js
index eb000a656b3184..610f99bfc81f49 100644
--- a/ee/spec/frontend/threat_monitoring/components/policy_editor/scan_result_policy/scan_result_policy_editor_spec.js
+++ b/ee/spec/frontend/threat_monitoring/components/policy_editor/scan_result_policy/scan_result_policy_editor_spec.js
@@ -21,6 +21,7 @@ import {
   EDITOR_MODE_YAML,
 } from 'ee/threat_monitoring/components/policy_editor/constants';
 import DimDisableContainer from 'ee/threat_monitoring/components/policy_editor/dim_disable_container.vue';
+import PolicyActionBuilder from 'ee/threat_monitoring/components/policy_editor/scan_result_policy/policy_action_builder.vue';
 
 jest.mock('~/lib/utils/url_utility', () => ({
   joinPaths: jest.requireActual('~/lib/utils/url_utility').joinPaths,
@@ -49,7 +50,7 @@ describe('ScanResultPolicyEditor', () => {
     branch: 'main',
     fullPath: 'path/to/existing-project',
   };
-  const scanResultPolicyApprovers = [];
+  const scanResultPolicyApprovers = [{ id: 1, username: 'username', state: 'active' }];
 
   const factory = ({ propsData = {}, provide = {} } = {}) => {
     wrapper = shallowMount(ScanResultPolicyEditor, {
@@ -82,6 +83,8 @@ describe('ScanResultPolicyEditor', () => {
 
   const findEmptyState = () => wrapper.findComponent(GlEmptyState);
   const findPolicyEditorLayout = () => wrapper.findComponent(PolicyEditorLayout);
+  const findPolicyActionBuilder = () => wrapper.findComponent(PolicyActionBuilder);
+  const findAllPolicyActionBuilders = () => wrapper.findAllComponents(PolicyActionBuilder);
   const findAddRuleButton = () => wrapper.find('[data-testid="add-rule"]');
   const findAlert = () => wrapper.findComponent(GlAlert);
   const findNameInput = () => wrapper.findComponent(GlFormInput);
@@ -208,4 +211,27 @@ describe('ScanResultPolicyEditor', () => {
       expect(emptyState.props('svgPath')).toBe(policyEditorEmptyStateSvgPath);
     });
   });
+
+  describe('with policy action builder', () => {
+    it('renders a single policy action builder', async () => {
+      factory();
+
+      await nextTick();
+
+      expect(findAllPolicyActionBuilders()).toHaveLength(1);
+      expect(findPolicyActionBuilder().props('existingApprovers')).toEqual(
+        scanResultPolicyApprovers,
+      );
+    });
+
+    it('updates policy action when edited', async () => {
+      const UPDATED_ACTION = { type: 'required_approval', group_approvers_ids: [1] };
+      factory();
+
+      await nextTick();
+      await findPolicyActionBuilder().vm.$emit('changed', UPDATED_ACTION);
+
+      expect(findPolicyActionBuilder().props('initAction')).toEqual(UPDATED_ACTION);
+    });
+  });
 });
diff --git a/locale/gitlab.pot b/locale/gitlab.pot
index 44d04b63afced2..23ffb2c1bdd399 100644
--- a/locale/gitlab.pot
+++ b/locale/gitlab.pot
@@ -31699,6 +31699,12 @@ msgstr ""
 msgid "Saving project."
 msgstr ""
 
+msgid "ScanResultPolicy|%{thenLabelStart}Then%{thenLabelEnd} Require approval from %{approvalsRequired} of the following approvers: %{approvers}"
+msgstr ""
+
+msgid "ScanResultPolicy|add an approver"
+msgstr ""
+
 msgid "Scanner"
 msgstr ""
 
-- 
GitLab


From a336f0f6874134bf66c39336f06879420bf5cab8 Mon Sep 17 00:00:00 2001
From: Zamir Martins Filho <zfilho@gitlab.com>
Date: Thu, 10 Feb 2022 12:08:18 -0500
Subject: [PATCH 2/5] Address UX comment in relation to modal and user

flow. Replaces modal by a custom dropdown.
---
 .../approvers_select_dropdown.vue             | 163 +++++++++++++
 .../scan_result_policy/lib/actions.js         |   2 +-
 .../policy_action_builder.vue                 |  50 +---
 .../approvers_select_dropdown_spec.js         | 220 ++++++++++++++++++
 .../policy_action_builder_spec.js             |  35 ++-
 5 files changed, 429 insertions(+), 41 deletions(-)
 create mode 100644 ee/app/assets/javascripts/threat_monitoring/components/policy_editor/approvers_select_dropdown.vue
 create mode 100644 ee/spec/frontend/threat_monitoring/components/policy_editor/approvers_select_dropdown_spec.js

diff --git a/ee/app/assets/javascripts/threat_monitoring/components/policy_editor/approvers_select_dropdown.vue b/ee/app/assets/javascripts/threat_monitoring/components/policy_editor/approvers_select_dropdown.vue
new file mode 100644
index 00000000000000..d9ceff100af92a
--- /dev/null
+++ b/ee/app/assets/javascripts/threat_monitoring/components/policy_editor/approvers_select_dropdown.vue
@@ -0,0 +1,163 @@
+<script>
+import {
+  GlDropdown,
+  GlIcon,
+  GlSearchBoxByType,
+  GlSkeletonLoader,
+  GlAvatarLabeled,
+  GlDropdownItem,
+} from '@gitlab/ui';
+import { s__ } from '~/locale';
+import Api from 'ee/api';
+import { AVATAR_SHAPE_OPTION_CIRCLE, AVATAR_SHAPE_OPTION_RECT } from '~/vue_shared/constants';
+import { groupApprovers, USER_TYPE } from './scan_result_policy/lib/actions';
+
+const MINIMUM_ALLOWED = 1;
+const DEVELOPER_ACCESS_LEVEL = 30;
+const DEBOUNCE_DELAY = 250;
+
+export default {
+  components: {
+    GlDropdown,
+    GlIcon,
+    GlSearchBoxByType,
+    GlSkeletonLoader,
+    GlAvatarLabeled,
+    GlDropdownItem,
+  },
+  DEBOUNCE_DELAY,
+  i18n: {
+    addAnApprover: s__('ApproversSelectDropdown|add an approver'),
+    noResults: s__('ApproversSelectDropdown|No matching results'),
+    placeholder: s__('ApproversSelectDropdown|Search users or groups'),
+  },
+  inject: ['projectId'],
+  props: {
+    skipGroupIds: {
+      type: Array,
+      required: true,
+    },
+    skipUserIds: {
+      type: Array,
+      required: true,
+    },
+  },
+  data: () => {
+    return {
+      returnedItems: [],
+      searchValue: '',
+      loading: false,
+    };
+  },
+  computed: {
+    hasItems() {
+      return this.returnedItems.length > 0;
+    },
+  },
+  methods: {
+    label(item) {
+      return this.isUser(item) ? item.name : item.full_name;
+    },
+    subLabel(item) {
+      return this.isUser(item) ? `@${item.username}` : item.full_path;
+    },
+    avatarShape(item) {
+      return this.isUser(item) ? AVATAR_SHAPE_OPTION_CIRCLE : AVATAR_SHAPE_OPTION_RECT;
+    },
+    onHide() {
+      this.searchValue = '';
+      this.returnedItems = [];
+    },
+    isUser(item) {
+      return item.type === USER_TYPE;
+    },
+    onClick(index) {
+      this.$emit('selected', this.returnedItems[index]);
+    },
+    async filterItems(value) {
+      this.loading = true;
+      try {
+        const response = await this.fetchGroupsAndUsers(value);
+        this.returnedItems = groupApprovers(response);
+      } catch (error) {
+        this.returnedItems = [];
+        this.$emit('apiError', error.message);
+      } finally {
+        this.loading = false;
+      }
+    },
+    async fetchGroupsAndUsers(term) {
+      const groupsAsync = this.fetchGroups(term);
+      const usersAsync = this.fetchUsers(term);
+
+      const response = await Promise.all([groupsAsync, usersAsync]);
+      return [...response[0], ...response[1]];
+    },
+    async fetchGroups(term) {
+      const hasTerm = term.trim().length > MINIMUM_ALLOWED;
+
+      return Api.projectGroups(this.projectId, {
+        skip_groups: this.skipGroupIds,
+        ...(hasTerm ? { search: term } : {}),
+        with_shared: true,
+        shared_visible_only: true,
+        shared_min_access_level: DEVELOPER_ACCESS_LEVEL,
+      });
+    },
+    async fetchUsers(term) {
+      const newTerm = term.trim().length > MINIMUM_ALLOWED ? term.trim() : '';
+      return Api.projectUsers(this.projectId, newTerm, {
+        skip_users: this.skipUserIds,
+      });
+    },
+  },
+};
+</script>
+
+<template>
+  <gl-dropdown
+    variant="link"
+    class="gl-max-w-full"
+    toggle-class="gl-max-w-full gl-align-items-center gl-text-truncate"
+    boundary="viewport"
+    @hide="onHide"
+  >
+    <template #header>
+      <gl-search-box-by-type
+        v-model="searchValue"
+        :debounce="$options.DEBOUNCE_DELAY"
+        class="gl-display-grid"
+        :placeholder="$options.i18n.placeholder"
+        @input="filterItems"
+      />
+    </template>
+    <template #button-content>
+      <gl-icon name="plus" class="gl-mr-2" />
+      {{ $options.i18n.addAnApprover }}
+    </template>
+    <div v-if="loading" class="gl-px-5">
+      <gl-skeleton-loader :width="400" :height="172">
+        <rect width="380" height="20" x="10" y="15" rx="4" />
+        <rect width="280" height="20" x="10" y="50" rx="4" />
+        <rect width="330" height="20" x="10" y="85" rx="4" />
+      </gl-skeleton-loader>
+    </div>
+    <gl-dropdown-item
+      v-for="(item, index) in returnedItems"
+      v-else-if="hasItems"
+      :key="index"
+      @click="onClick(index)"
+    >
+      <gl-avatar-labeled
+        :size="32"
+        :shape="avatarShape(item)"
+        :label="label(item)"
+        :sub-label="subLabel(item)"
+        :src="item.avatar_url"
+        :entity-name="item.name"
+        :alt="item.name"
+      />
+    </gl-dropdown-item>
+    <p v-else class="gl-mx-5" data-testid="no-results">{{ $options.i18n.noResults }}</p>
+  </gl-dropdown>
+</template>
diff --git a/ee/app/assets/javascripts/threat_monitoring/components/policy_editor/scan_result_policy/lib/actions.js b/ee/app/assets/javascripts/threat_monitoring/components/policy_editor/scan_result_policy/lib/actions.js
index 7086ab79dfb644..30f610bdcb66fe 100644
--- a/ee/app/assets/javascripts/threat_monitoring/components/policy_editor/scan_result_policy/lib/actions.js
+++ b/ee/app/assets/javascripts/threat_monitoring/components/policy_editor/scan_result_policy/lib/actions.js
@@ -1,4 +1,4 @@
-const USER_TYPE = 'user';
+export const USER_TYPE = 'user';
 const GROUP_TYPE = 'group';
 
 /*
diff --git a/ee/app/assets/javascripts/threat_monitoring/components/policy_editor/scan_result_policy/policy_action_builder.vue b/ee/app/assets/javascripts/threat_monitoring/components/policy_editor/scan_result_policy/policy_action_builder.vue
index 8162bb5f62541e..ddac33b1dd7459 100644
--- a/ee/app/assets/javascripts/threat_monitoring/components/policy_editor/scan_result_policy/policy_action_builder.vue
+++ b/ee/app/assets/javascripts/threat_monitoring/components/policy_editor/scan_result_policy/policy_action_builder.vue
@@ -1,21 +1,17 @@
 <script>
-import { GlSprintf, GlForm, GlButton, GlFormInput, GlModalDirective, GlModal } from '@gitlab/ui';
+import { GlSprintf, GlForm, GlFormInput, GlModalDirective } from '@gitlab/ui';
 import { s__ } from '~/locale';
-import ApproversSelect from 'ee/approvals/components/approvers_select.vue';
-import ApproversList from 'ee/approvals/components/approvers_list.vue';
 import ApproverDeletableAvatar from '../approver_deletable_avatar.vue';
+import ApproversSelectDropdown from '../approvers_select_dropdown.vue';
 import { groupApprovers, decomposeApprovers, groupIds, userIds } from './lib/actions';
 
 export default {
   components: {
     GlSprintf,
     GlForm,
-    GlButton,
     GlFormInput,
-    ApproversSelect,
-    GlModal,
-    ApproversList,
     ApproverDeletableAvatar,
+    ApproversSelectDropdown,
   },
   directives: {
     GlModalDirective,
@@ -34,7 +30,6 @@ export default {
   data() {
     return {
       action: { ...this.initAction },
-      approversToAdd: [],
       approvers: groupApprovers(this.existingApprovers),
     };
   },
@@ -52,9 +47,6 @@ export default {
     },
   },
   watch: {
-    approversToAdd(approvers) {
-      this.approvers.push(...approvers);
-    },
     approvers(values) {
       this.action = decomposeApprovers(this.action, values);
     },
@@ -74,6 +66,9 @@ export default {
         (approver) => approver.type !== removedApprover.type || approver.id !== removedApprover.id,
       );
     },
+    selectedApprover(approver) {
+      this.approvers.push(approver);
+    },
   },
   i18n: {
     addAnApprover: s__('ScanResultPolicy|add an approver'),
@@ -112,33 +107,12 @@ export default {
             :approver="approver"
             @input="removeApprover"
           />
-          <gl-button
-            v-gl-modal-directive="'approvers-modal'"
-            class="gl-ml-3"
-            variant="link"
-            data-testid="add-approver"
-            icon="plus"
-          >
-            {{ $options.i18n.addAnApprover }}
-          </gl-button>
-
-          <gl-modal
-            modal-id="approvers-modal"
-            title="Add an approver"
-            size="sm"
-            :hide-footer="true"
-          >
-            <approvers-select
-              v-model="approversToAdd"
-              :project-id="projectId"
-              :skip-user-ids="userIds"
-              :skip-group-ids="groupIds"
-              data-testid="approvers-select"
-            />
-            <div class="bordered-box overflow-auto h-12em">
-              <approvers-list v-model="approvers" />
-            </div>
-          </gl-modal>
+          <approvers-select-dropdown
+            class="gl-m-2"
+            :skip-user-ids="userIds"
+            :skip-group-ids="groupIds"
+            @selected="selectedApprover"
+          />
         </template>
       </gl-sprintf>
     </gl-form>
diff --git a/ee/spec/frontend/threat_monitoring/components/policy_editor/approvers_select_dropdown_spec.js b/ee/spec/frontend/threat_monitoring/components/policy_editor/approvers_select_dropdown_spec.js
new file mode 100644
index 00000000000000..fe959263252b6f
--- /dev/null
+++ b/ee/spec/frontend/threat_monitoring/components/policy_editor/approvers_select_dropdown_spec.js
@@ -0,0 +1,220 @@
+import {
+  GlDropdown,
+  GlSearchBoxByType,
+  GlSkeletonLoader,
+  GlAvatarLabeled,
+  GlDropdownItem,
+} from '@gitlab/ui';
+import { mount, shallowMount } from '@vue/test-utils';
+import MockAdapter from 'axios-mock-adapter';
+import ApproversSelectDropdown from 'ee/threat_monitoring/components/policy_editor/approvers_select_dropdown.vue';
+import axios from '~/lib/utils/axios_utils';
+import waitForPromises from 'helpers/wait_for_promises';
+import Api from 'ee/api';
+
+const USER_DATA_RAW = {
+  id: 1,
+  name: 'userName',
+  username: 'userName',
+  state: 'active',
+  avatar_url: '',
+  web_url: '',
+};
+const GROUP_DATA_RAW = {
+  id: 1,
+  name: 'name',
+  full_path: 'full_path',
+  full_name: 'full_name',
+  avatar_url: '',
+  web_url: '',
+};
+
+const USER_DATA = { ...USER_DATA_RAW, type: 'user' };
+const GROUP_DATA = { ...GROUP_DATA_RAW, type: 'group' };
+
+const AVATAR_USER_DATA = {
+  alt: 'userName',
+  'entity-name': 'userName',
+  label: 'userName',
+  shape: 'circle',
+  sublabel: '@userName',
+  labellink: '',
+  size: '32',
+  src: '',
+  sublabellink: '',
+};
+const AVATAR_GROUP_DATA = {
+  alt: 'name',
+  'entity-name': 'name',
+  label: 'full_name',
+  shape: 'rect',
+  sublabel: 'full_path',
+  labellink: '',
+  size: '32',
+  src: '',
+  sublabellink: '',
+};
+
+const SKIP_GROUP_IDS = [2];
+const SKIP_USER_IDS = [3];
+
+const PROJECT_ID = '1';
+
+describe('ApproversSelectDropdown', () => {
+  let mock;
+
+  let wrapper;
+
+  const factory = (propsData = {}, data = {}, mountFunc = shallowMount) => {
+    wrapper = mountFunc(ApproversSelectDropdown, {
+      propsData: {
+        skipGroupIds: SKIP_GROUP_IDS,
+        skipUserIds: SKIP_USER_IDS,
+        ...propsData,
+      },
+      data() {
+        return {
+          ...data,
+        };
+      },
+      provide: {
+        projectId: PROJECT_ID,
+      },
+    });
+  };
+
+  afterEach(() => {
+    wrapper.destroy();
+  });
+
+  const findAllDropdownItems = () => wrapper.findAllComponents(GlDropdownItem);
+  const findAllAvatarLabeled = () => wrapper.findAllComponents(GlAvatarLabeled);
+  const findDropdown = () => wrapper.findComponent(GlDropdown);
+  const findSearchBox = () => wrapper.findComponent(GlSearchBoxByType);
+  const findSkeletonLoader = () => wrapper.findComponent(GlSkeletonLoader);
+  const findNoResultText = () => wrapper.find('[data-testid="no-results"]');
+
+  describe.each`
+    isLoading | showsNoResult | showsSkeletonLoader | showsItems | existingItems
+    ${false}  | ${true}       | ${false}            | ${false}   | ${[]}
+    ${false}  | ${false}      | ${false}            | ${true}    | ${[USER_DATA]}
+    ${true}   | ${false}      | ${true}             | ${false}   | ${[]}
+    ${true}   | ${false}      | ${true}             | ${false}   | ${[USER_DATA]}
+  `(
+    'when loading equals to $isLoading and there are $existingItems.length existing items',
+    ({ isLoading, showsNoResult, showsSkeletonLoader, showsItems, existingItems }) => {
+      beforeEach(() => {
+        factory({}, { loading: isLoading, returnedItems: existingItems });
+      });
+
+      it(`renders the dropdown ${showsItems ? 'with' : 'without'} items`, () => {
+        expect(findDropdown().exists()).toBe(true);
+        expect(findAllDropdownItems().exists()).toBe(showsItems);
+      });
+
+      it(`does ${showsNoResult ? '' : 'not'} render no matching results text`, () => {
+        expect(findNoResultText().exists()).toBe(showsNoResult);
+      });
+
+      it(`does ${showsSkeletonLoader ? '' : 'not'} render skeleton loader`, () => {
+        expect(findSkeletonLoader().exists()).toBe(showsSkeletonLoader);
+      });
+
+      it(`does ${showsItems ? '' : 'not'} render the avatar labeled`, () => {
+        expect(findAllAvatarLabeled().exists()).toBe(showsItems);
+      });
+    },
+  );
+
+  describe.each`
+    existingItems              | expectedAvatarAttributes
+    ${[USER_DATA]}             | ${[AVATAR_USER_DATA]}
+    ${[GROUP_DATA]}            | ${[AVATAR_GROUP_DATA]}
+    ${[USER_DATA, GROUP_DATA]} | ${[AVATAR_USER_DATA, AVATAR_GROUP_DATA]}
+  `('with user and/or group data', ({ existingItems, expectedAvatarAttributes }) => {
+    it('renders the avatar labeled for $existingItems[0].type', () => {
+      factory({}, { returnedItems: existingItems });
+
+      expect(findAllAvatarLabeled()).toHaveLength(existingItems.length);
+      expect(findAllAvatarLabeled().wrappers.map((avatar) => avatar.attributes())).toEqual(
+        expectedAvatarAttributes,
+      );
+    });
+  });
+
+  it('triggers selected when a dropdown item is clicked', async () => {
+    factory({}, { returnedItems: [USER_DATA] });
+
+    await findAllDropdownItems().at(0).vm.$emit('click');
+
+    expect(wrapper.emitted().selected).toEqual([[USER_DATA]]);
+  });
+
+  describe('when search box input is changed', () => {
+    beforeEach(() => {
+      mock = new MockAdapter(axios);
+      mock.onGet('/api/undefined/projects/1/users').reply(200, [USER_DATA_RAW]);
+      mock.onGet('/api/undefined/projects/1/groups.json').reply(200, [GROUP_DATA_RAW]);
+      factory({}, {}, mount);
+    });
+
+    afterEach(() => {
+      mock.restore();
+    });
+
+    it('updates the dropdown items', async () => {
+      expect(findAllDropdownItems()).toHaveLength(0);
+
+      await findSearchBox().vm.$emit('input', 'name');
+      await waitForPromises();
+
+      expect(findAllDropdownItems()).toHaveLength(2);
+    });
+
+    it('renders skeleton loader before returning the promises', async () => {
+      expect(findSkeletonLoader().exists()).toBe(false);
+
+      await findSearchBox().vm.$emit('input', 'name');
+
+      expect(findSkeletonLoader().exists()).toBe(true);
+    });
+
+    it('triggers api calls using skipGroupIds and skipUserIds', async () => {
+      const searchTerm = 'name';
+      jest.spyOn(Api, 'projectUsers');
+      jest.spyOn(Api, 'projectGroups');
+
+      await findSearchBox().vm.$emit('input', searchTerm);
+
+      expect(Api.projectGroups).toHaveBeenCalledWith(
+        PROJECT_ID,
+        expect.objectContaining({ skip_groups: SKIP_GROUP_IDS }),
+      );
+      expect(Api.projectUsers).toHaveBeenCalledWith(
+        PROJECT_ID,
+        searchTerm,
+        expect.objectContaining({ skip_users: SKIP_USER_IDS }),
+      );
+    });
+  });
+
+  describe('when the Api response is a 404', () => {
+    beforeEach(() => {
+      mock = new MockAdapter(axios);
+      mock.onGet('/api/undefined/projects/1/users').reply(404);
+      mock.onGet('/api/undefined/projects/1/groups.json').reply(404);
+      factory({}, {}, mount);
+    });
+
+    afterEach(() => {
+      mock.restore();
+    });
+
+    it('emits an apiError with the error message', async () => {
+      await findSearchBox().vm.$emit('input', 'name');
+      await waitForPromises();
+
+      expect(wrapper.emitted().apiError).toEqual([['Request failed with status code 404']]);
+    });
+  });
+});
diff --git a/ee/spec/frontend/threat_monitoring/components/policy_editor/scan_result_policy/policy_action_builder_spec.js b/ee/spec/frontend/threat_monitoring/components/policy_editor/scan_result_policy/policy_action_builder_spec.js
index f77652422302f5..c656cd438e995e 100644
--- a/ee/spec/frontend/threat_monitoring/components/policy_editor/scan_result_policy/policy_action_builder_spec.js
+++ b/ee/spec/frontend/threat_monitoring/components/policy_editor/scan_result_policy/policy_action_builder_spec.js
@@ -3,6 +3,7 @@ import { mount } from '@vue/test-utils';
 import { nextTick } from 'vue';
 import ApproverDeletableAvatar from 'ee/threat_monitoring/components/policy_editor/approver_deletable_avatar.vue';
 import PolicyActionBuilder from 'ee/threat_monitoring/components/policy_editor/scan_result_policy/policy_action_builder.vue';
+import ApproversSelectDropdown from 'ee/threat_monitoring/components/policy_editor/approvers_select_dropdown.vue';
 
 const APPROVER_1 = {
   id: 1,
@@ -22,6 +23,15 @@ const APPROVER_2 = {
   avatar_url: '',
 };
 
+const NEW_APPROVER = {
+  id: 3,
+  name: 'name2',
+  state: 'active',
+  username: 'username2',
+  web_url: '',
+  avatar_url: '',
+};
+
 const APPROVERS = [APPROVER_1, APPROVER_2];
 
 const APPROVERS_IDS = APPROVERS.map((approver) => approver.id);
@@ -49,7 +59,7 @@ describe('PolicyActionBuilder', () => {
 
   const findApprovalsRequiredInput = () => wrapper.findComponent(GlFormInput);
   const findAllDeletableAvatars = () => wrapper.findAllComponents(ApproverDeletableAvatar);
-  const findAddApproverBtn = () => wrapper.find('[data-testid="add-approver"]');
+  const findAddApproverDropdown = () => wrapper.findComponent(ApproversSelectDropdown);
 
   it('renders approvals required form input, the deletable avatars and add approver button', async () => {
     factory();
@@ -57,7 +67,7 @@ describe('PolicyActionBuilder', () => {
 
     expect(findApprovalsRequiredInput().exists()).toBe(true);
     expect(findAllDeletableAvatars().length).toBe(APPROVERS.length);
-    expect(findAddApproverBtn().exists()).toBe(true);
+    expect(findAddApproverDropdown().exists()).toBe(true);
   });
 
   it('triggers an update when changing approvals required', async () => {
@@ -95,4 +105,25 @@ describe('PolicyActionBuilder', () => {
     ]);
     expect(findAllDeletableAvatars()).toHaveLength(APPROVERS.length - 1);
   });
+
+  it('adds one approver deletable avatar when triggering a new user is selected', async () => {
+    factory();
+    await nextTick();
+    const alldeletableAvatars = findAllDeletableAvatars();
+
+    expect(alldeletableAvatars.length).toBe(APPROVERS.length);
+
+    await findAddApproverDropdown().vm.$emit('selected', { ...NEW_APPROVER, type: 'user' });
+
+    expect(wrapper.emitted().changed).toEqual([
+      [
+        {
+          approvals_required: ACTION.approvals_required,
+          user_approvers_ids: [APPROVER_1.id, APPROVER_2.id, NEW_APPROVER.id],
+          group_approvers_ids: [],
+        },
+      ],
+    ]);
+    expect(findAllDeletableAvatars()).toHaveLength(APPROVERS.length + 1);
+  });
 });
-- 
GitLab


From 7cc73c2ea99f59ae1214ceb84d25d1058f2ea0f2 Mon Sep 17 00:00:00 2001
From: Zamir Martins Filho <zfilho@gitlab.com>
Date: Fri, 11 Feb 2022 15:40:57 -0500
Subject: [PATCH 3/5] Address UX reviews

by replacing custom container by gl-token.
---
 .../approver_deletable_avatar.vue             | 30 -------
 .../policy_action_builder.vue                 | 51 ++++++++---
 .../approver_deletable_avatar_spec.js         | 87 -------------------
 .../policy_action_builder_spec.js             | 29 +++----
 locale/gitlab.pot                             |  9 ++
 5 files changed, 60 insertions(+), 146 deletions(-)
 delete mode 100644 ee/app/assets/javascripts/threat_monitoring/components/policy_editor/approver_deletable_avatar.vue
 delete mode 100644 ee/spec/frontend/threat_monitoring/components/policy_editor/approver_deletable_avatar_spec.js

diff --git a/ee/app/assets/javascripts/threat_monitoring/components/policy_editor/approver_deletable_avatar.vue b/ee/app/assets/javascripts/threat_monitoring/components/policy_editor/approver_deletable_avatar.vue
deleted file mode 100644
index 8b8715f91fdd9b..00000000000000
--- a/ee/app/assets/javascripts/threat_monitoring/components/policy_editor/approver_deletable_avatar.vue
+++ /dev/null
@@ -1,30 +0,0 @@
-<script>
-import ApproversListItem from 'ee/approvals/components/approvers_list_item.vue';
-
-export default {
-  extends: ApproversListItem,
-};
-</script>
-
-<template>
-  <div
-    class="gl-bg-gray-100 gl-border-1 gl-border-gray-100 gl-rounded-base px-1 pt-1 gl-relative gl-pb-1 gl-display-inline-flex"
-  >
-    <gl-avatar-labeled
-      :shape="avatarShape"
-      :src="approver.avatar_url"
-      :size="24"
-      :label="displayName"
-      :entity-name="approver.name"
-      :alt="approver.name"
-    />
-    <gl-button
-      :aria-label="$options.i18n.removeApproverText"
-      class="gl-ml-2"
-      variant="link"
-      data-testid="remove-rule"
-      icon="close"
-      @click="$emit('input', approver)"
-    />
-  </div>
-</template>
diff --git a/ee/app/assets/javascripts/threat_monitoring/components/policy_editor/scan_result_policy/policy_action_builder.vue b/ee/app/assets/javascripts/threat_monitoring/components/policy_editor/scan_result_policy/policy_action_builder.vue
index ddac33b1dd7459..883df9c1d8d710 100644
--- a/ee/app/assets/javascripts/threat_monitoring/components/policy_editor/scan_result_policy/policy_action_builder.vue
+++ b/ee/app/assets/javascripts/threat_monitoring/components/policy_editor/scan_result_policy/policy_action_builder.vue
@@ -1,17 +1,25 @@
 <script>
-import { GlSprintf, GlForm, GlFormInput, GlModalDirective } from '@gitlab/ui';
+import {
+  GlSprintf,
+  GlForm,
+  GlFormInput,
+  GlModalDirective,
+  GlToken,
+  GlAvatarLabeled,
+} from '@gitlab/ui';
 import { s__ } from '~/locale';
-import ApproverDeletableAvatar from '../approver_deletable_avatar.vue';
+import { AVATAR_SHAPE_OPTION_CIRCLE, AVATAR_SHAPE_OPTION_RECT } from '~/vue_shared/constants';
 import ApproversSelectDropdown from '../approvers_select_dropdown.vue';
-import { groupApprovers, decomposeApprovers, groupIds, userIds } from './lib/actions';
+import { groupApprovers, decomposeApprovers, groupIds, userIds, USER_TYPE } from './lib/actions';
 
 export default {
   components: {
     GlSprintf,
     GlForm,
     GlFormInput,
-    ApproverDeletableAvatar,
     ApproversSelectDropdown,
+    GlToken,
+    GlAvatarLabeled,
   },
   directives: {
     GlModalDirective,
@@ -34,11 +42,6 @@ export default {
     };
   },
   computed: {
-    sprintfTemplate() {
-      return s__(
-        'ScanResultPolicy|%{thenLabelStart}Then%{thenLabelEnd} Require approval from %{approvalsRequired} of the following approvers: %{approvers}',
-      );
-    },
     groupIds() {
       return groupIds(this.approvers);
     },
@@ -69,10 +72,22 @@ export default {
     selectedApprover(approver) {
       this.approvers.push(approver);
     },
+    avatarShape(approver) {
+      return this.isUser(approver) ? AVATAR_SHAPE_OPTION_CIRCLE : AVATAR_SHAPE_OPTION_RECT;
+    },
+    approverName(approver) {
+      return this.isUser(approver) ? approver.name : approver.full_path;
+    },
+    isUser(approver) {
+      return approver.type === USER_TYPE;
+    },
   },
   i18n: {
     addAnApprover: s__('ScanResultPolicy|add an approver'),
   },
+  humanizedTemplate: s__(
+    'ScanResultPolicy|%{thenLabelStart}Then%{thenLabelEnd} Require approval from %{approvalsRequired} of the following approvers: %{approvers}',
+  ),
 };
 </script>
 
@@ -81,7 +96,7 @@ export default {
     class="gl-bg-gray-10 gl-border-solid gl-border-1 gl-border-gray-100 gl-rounded-base px-3 pt-3 gl-relative gl-pb-4"
   >
     <gl-form inline @submit.prevent>
-      <gl-sprintf :message="sprintfTemplate">
+      <gl-sprintf :message="$options.humanizedTemplate">
         <template #thenLabel="{ content }">
           <label for="approvalRequired" class="text-uppercase gl-font-lg gl-mr-3">{{
             content
@@ -100,13 +115,21 @@ export default {
         </template>
 
         <template #approvers>
-          <approver-deletable-avatar
+          <gl-token
             v-for="approver in approvers"
             :key="approver.type + approver.id"
             class="gl-ml-3"
-            :approver="approver"
-            @input="removeApprover"
-          />
+            @close="removeApprover(approver)"
+          >
+            <gl-avatar-labeled
+              :src="approver.avatar_url"
+              :size="24"
+              :shape="avatarShape(approver)"
+              :label="approverName(approver)"
+              :entity-name="approver.name"
+              :alt="approver.name"
+            />
+          </gl-token>
           <approvers-select-dropdown
             class="gl-m-2"
             :skip-user-ids="userIds"
diff --git a/ee/spec/frontend/threat_monitoring/components/policy_editor/approver_deletable_avatar_spec.js b/ee/spec/frontend/threat_monitoring/components/policy_editor/approver_deletable_avatar_spec.js
deleted file mode 100644
index e3a0b20acda386..00000000000000
--- a/ee/spec/frontend/threat_monitoring/components/policy_editor/approver_deletable_avatar_spec.js
+++ /dev/null
@@ -1,87 +0,0 @@
-import { GlButton, GlAvatarLabeled } from '@gitlab/ui';
-import { shallowMount } from '@vue/test-utils';
-import ApproverDeletableAvatar from 'ee/threat_monitoring/components/policy_editor/approver_deletable_avatar.vue';
-import { TYPE_USER, TYPE_GROUP } from 'ee/approvals/constants';
-
-const TEST_USER = {
-  id: 1,
-  type: TYPE_USER,
-  name: 'Lorem Ipsum',
-  avatar_url: '/asd/1',
-};
-const TEST_GROUP = {
-  id: 1,
-  type: TYPE_GROUP,
-  name: 'Lorem Group',
-  full_path: 'dolar/sit/amit',
-  avatar_url: '/asd/2',
-};
-
-describe('ApproverDeletableAvatar', () => {
-  let wrapper;
-
-  const factory = (options = {}) => {
-    wrapper = shallowMount(ApproverDeletableAvatar, {
-      ...options,
-    });
-  };
-
-  const findAvatar = () => wrapper.findComponent(GlAvatarLabeled);
-  const findRemoveButton = () => wrapper.findComponent(GlButton);
-
-  describe('when user', () => {
-    beforeEach(() => {
-      factory({
-        propsData: {
-          approver: TEST_USER,
-        },
-      });
-    });
-
-    it('renders GlAvatar for user', () => {
-      const avatar = findAvatar();
-      expect(avatar.exists()).toBe(true);
-      expect(avatar.attributes()).toMatchObject({
-        'entity-name': TEST_USER.name,
-        src: TEST_USER.avatar_url,
-        shape: 'circle',
-        alt: TEST_USER.name,
-      });
-      expect(avatar.props('label')).toBe(TEST_USER.name);
-    });
-
-    it('when remove clicked, emits remove', async () => {
-      await findRemoveButton().vm.$emit('click');
-
-      expect(wrapper.emitted().input).toEqual([[TEST_USER]]);
-    });
-  });
-
-  describe('when group', () => {
-    beforeEach(() => {
-      factory({
-        propsData: {
-          approver: TEST_GROUP,
-        },
-      });
-    });
-
-    it('renders ProjectAvatar for group', () => {
-      const avatar = findAvatar();
-      expect(avatar.exists()).toBe(true);
-      expect(avatar.attributes()).toMatchObject({
-        'entity-name': TEST_GROUP.name,
-        src: TEST_GROUP.avatar_url,
-        shape: 'rect',
-        alt: TEST_GROUP.name,
-      });
-      expect(avatar.props('label')).toBe(TEST_GROUP.full_path);
-    });
-
-    it('when remove clicked, emits remove', async () => {
-      await findRemoveButton().vm.$emit('click');
-
-      expect(wrapper.emitted().input).toEqual([[TEST_GROUP]]);
-    });
-  });
-});
diff --git a/ee/spec/frontend/threat_monitoring/components/policy_editor/scan_result_policy/policy_action_builder_spec.js b/ee/spec/frontend/threat_monitoring/components/policy_editor/scan_result_policy/policy_action_builder_spec.js
index c656cd438e995e..72a7789a8ec6db 100644
--- a/ee/spec/frontend/threat_monitoring/components/policy_editor/scan_result_policy/policy_action_builder_spec.js
+++ b/ee/spec/frontend/threat_monitoring/components/policy_editor/scan_result_policy/policy_action_builder_spec.js
@@ -1,7 +1,6 @@
-import { GlFormInput } from '@gitlab/ui';
+import { GlFormInput, GlToken } from '@gitlab/ui';
 import { mount } from '@vue/test-utils';
 import { nextTick } from 'vue';
-import ApproverDeletableAvatar from 'ee/threat_monitoring/components/policy_editor/approver_deletable_avatar.vue';
 import PolicyActionBuilder from 'ee/threat_monitoring/components/policy_editor/scan_result_policy/policy_action_builder.vue';
 import ApproversSelectDropdown from 'ee/threat_monitoring/components/policy_editor/approvers_select_dropdown.vue';
 
@@ -58,15 +57,15 @@ describe('PolicyActionBuilder', () => {
   };
 
   const findApprovalsRequiredInput = () => wrapper.findComponent(GlFormInput);
-  const findAllDeletableAvatars = () => wrapper.findAllComponents(ApproverDeletableAvatar);
+  const findAllGlTokens = () => wrapper.findAllComponents(GlToken);
   const findAddApproverDropdown = () => wrapper.findComponent(ApproversSelectDropdown);
 
-  it('renders approvals required form input, the deletable avatars and add approver button', async () => {
+  it('renders approvals required form input, gl-tokens and add approver button', async () => {
     factory();
     await nextTick();
 
     expect(findApprovalsRequiredInput().exists()).toBe(true);
-    expect(findAllDeletableAvatars().length).toBe(APPROVERS.length);
+    expect(findAllGlTokens().length).toBe(APPROVERS.length);
     expect(findAddApproverDropdown().exists()).toBe(true);
   });
 
@@ -84,15 +83,15 @@ describe('PolicyActionBuilder', () => {
     ]);
   });
 
-  it('removes one approver when triggering a deletable avatar', async () => {
+  it('removes one approver when triggering a gl-token', async () => {
     factory();
     await nextTick();
-    const alldeletableAvatars = findAllDeletableAvatars();
-    const deletableAvatar = alldeletableAvatars.at(0);
+    const allGlTokens = findAllGlTokens();
+    const glToken = allGlTokens.at(0);
 
-    expect(alldeletableAvatars.length).toBe(APPROVERS.length);
+    expect(allGlTokens.length).toBe(APPROVERS.length);
 
-    await deletableAvatar.vm.$emit('input', { ...APPROVER_1, type: 'user' });
+    await glToken.vm.$emit('close', { ...APPROVER_1, type: 'user' });
 
     expect(wrapper.emitted().changed).toEqual([
       [
@@ -103,15 +102,15 @@ describe('PolicyActionBuilder', () => {
         },
       ],
     ]);
-    expect(findAllDeletableAvatars()).toHaveLength(APPROVERS.length - 1);
+    expect(findAllGlTokens()).toHaveLength(APPROVERS.length - 1);
   });
 
-  it('adds one approver deletable avatar when triggering a new user is selected', async () => {
+  it('adds one approver gl-token when triggering a new user is selected', async () => {
     factory();
     await nextTick();
-    const alldeletableAvatars = findAllDeletableAvatars();
+    const allGlTokens = findAllGlTokens();
 
-    expect(alldeletableAvatars.length).toBe(APPROVERS.length);
+    expect(allGlTokens.length).toBe(APPROVERS.length);
 
     await findAddApproverDropdown().vm.$emit('selected', { ...NEW_APPROVER, type: 'user' });
 
@@ -124,6 +123,6 @@ describe('PolicyActionBuilder', () => {
         },
       ],
     ]);
-    expect(findAllDeletableAvatars()).toHaveLength(APPROVERS.length + 1);
+    expect(findAllGlTokens()).toHaveLength(APPROVERS.length + 1);
   });
 });
diff --git a/locale/gitlab.pot b/locale/gitlab.pot
index 23ffb2c1bdd399..6b0bc52dc1c60c 100644
--- a/locale/gitlab.pot
+++ b/locale/gitlab.pot
@@ -4618,6 +4618,15 @@ msgstr ""
 msgid "Approvers from private group(s) not shown"
 msgstr ""
 
+msgid "ApproversSelectDropdown|No matching results"
+msgstr ""
+
+msgid "ApproversSelectDropdown|Search users or groups"
+msgstr ""
+
+msgid "ApproversSelectDropdown|add an approver"
+msgstr ""
+
 msgid "Apr"
 msgstr ""
 
-- 
GitLab


From d3f8d1b43230e63f7a31880b1923fbeffe082361 Mon Sep 17 00:00:00 2001
From: Zamir Martins Filho <zfilho@gitlab.com>
Date: Fri, 11 Feb 2022 16:23:16 -0500
Subject: [PATCH 4/5] Addresses frontend reviewer

by extracting raw operations into constants as part of the
tests, replacing css classes by more consistent ones.
---
 .../scan_result_policy/policy_action_builder.vue   |  2 +-
 .../policy_action_builder_spec.js                  | 14 +++++++++-----
 2 files changed, 10 insertions(+), 6 deletions(-)

diff --git a/ee/app/assets/javascripts/threat_monitoring/components/policy_editor/scan_result_policy/policy_action_builder.vue b/ee/app/assets/javascripts/threat_monitoring/components/policy_editor/scan_result_policy/policy_action_builder.vue
index 883df9c1d8d710..f9f96fed92bb67 100644
--- a/ee/app/assets/javascripts/threat_monitoring/components/policy_editor/scan_result_policy/policy_action_builder.vue
+++ b/ee/app/assets/javascripts/threat_monitoring/components/policy_editor/scan_result_policy/policy_action_builder.vue
@@ -93,7 +93,7 @@ export default {
 
 <template>
   <div
-    class="gl-bg-gray-10 gl-border-solid gl-border-1 gl-border-gray-100 gl-rounded-base px-3 pt-3 gl-relative gl-pb-4"
+    class="gl-bg-gray-10 gl-border-solid gl-border-1 gl-border-gray-100 gl-rounded-base gl-px-5! gl-pt-5! gl-relative gl-pb-4"
   >
     <gl-form inline @submit.prevent>
       <gl-sprintf :message="$options.humanizedTemplate">
diff --git a/ee/spec/frontend/threat_monitoring/components/policy_editor/scan_result_policy/policy_action_builder_spec.js b/ee/spec/frontend/threat_monitoring/components/policy_editor/scan_result_policy/policy_action_builder_spec.js
index 72a7789a8ec6db..dfaf0267bdc1a4 100644
--- a/ee/spec/frontend/threat_monitoring/components/policy_editor/scan_result_policy/policy_action_builder_spec.js
+++ b/ee/spec/frontend/threat_monitoring/components/policy_editor/scan_result_policy/policy_action_builder_spec.js
@@ -70,24 +70,26 @@ describe('PolicyActionBuilder', () => {
   });
 
   it('triggers an update when changing approvals required', async () => {
-    const newValue = ACTION.approvals_required + 1;
     factory();
     await nextTick();
 
+    const approvalRequestPlusOne = ACTION.approvals_required + 1;
     const formInput = findApprovalsRequiredInput();
 
-    await formInput.vm.$emit('input', newValue);
+    await formInput.vm.$emit('input', approvalRequestPlusOne);
 
     expect(wrapper.emitted().changed).toEqual([
-      [{ approvals_required: newValue, user_approvers_ids: APPROVERS_IDS }],
+      [{ approvals_required: approvalRequestPlusOne, user_approvers_ids: APPROVERS_IDS }],
     ]);
   });
 
   it('removes one approver when triggering a gl-token', async () => {
     factory();
     await nextTick();
+
     const allGlTokens = findAllGlTokens();
     const glToken = allGlTokens.at(0);
+    const approversLengthMinusOne = APPROVERS.length - 1;
 
     expect(allGlTokens.length).toBe(APPROVERS.length);
 
@@ -102,13 +104,15 @@ describe('PolicyActionBuilder', () => {
         },
       ],
     ]);
-    expect(findAllGlTokens()).toHaveLength(APPROVERS.length - 1);
+    expect(findAllGlTokens()).toHaveLength(approversLengthMinusOne);
   });
 
   it('adds one approver gl-token when triggering a new user is selected', async () => {
     factory();
     await nextTick();
+
     const allGlTokens = findAllGlTokens();
+    const approversLengthPlusOne = APPROVERS.length + 1;
 
     expect(allGlTokens.length).toBe(APPROVERS.length);
 
@@ -123,6 +127,6 @@ describe('PolicyActionBuilder', () => {
         },
       ],
     ]);
-    expect(findAllGlTokens()).toHaveLength(APPROVERS.length + 1);
+    expect(findAllGlTokens()).toHaveLength(approversLengthPlusOne);
   });
 });
-- 
GitLab


From b6c00e17744b7d9d6c003677b7cd7aa9ae34c8aa Mon Sep 17 00:00:00 2001
From: Zamir Martins Filho <zfilho@gitlab.com>
Date: Mon, 14 Feb 2022 14:53:59 -0500
Subject: [PATCH 5/5] Extract approvers select dropdown

into its own MR in order to keep this MR from
getting too large.
---
 .../approvers_select_dropdown.vue             | 163 -------------
 .../policy_action_builder.vue                 |  21 +-
 .../approvers_select_dropdown_spec.js         | 220 ------------------
 .../policy_action_builder_spec.js             |  37 +--
 locale/gitlab.pot                             |   9 -
 5 files changed, 2 insertions(+), 448 deletions(-)
 delete mode 100644 ee/app/assets/javascripts/threat_monitoring/components/policy_editor/approvers_select_dropdown.vue
 delete mode 100644 ee/spec/frontend/threat_monitoring/components/policy_editor/approvers_select_dropdown_spec.js

diff --git a/ee/app/assets/javascripts/threat_monitoring/components/policy_editor/approvers_select_dropdown.vue b/ee/app/assets/javascripts/threat_monitoring/components/policy_editor/approvers_select_dropdown.vue
deleted file mode 100644
index d9ceff100af92a..00000000000000
--- a/ee/app/assets/javascripts/threat_monitoring/components/policy_editor/approvers_select_dropdown.vue
+++ /dev/null
@@ -1,163 +0,0 @@
-<script>
-import {
-  GlDropdown,
-  GlIcon,
-  GlSearchBoxByType,
-  GlSkeletonLoader,
-  GlAvatarLabeled,
-  GlDropdownItem,
-} from '@gitlab/ui';
-import { s__ } from '~/locale';
-import Api from 'ee/api';
-import { AVATAR_SHAPE_OPTION_CIRCLE, AVATAR_SHAPE_OPTION_RECT } from '~/vue_shared/constants';
-import { groupApprovers, USER_TYPE } from './scan_result_policy/lib/actions';
-
-const MINIMUM_ALLOWED = 1;
-const DEVELOPER_ACCESS_LEVEL = 30;
-const DEBOUNCE_DELAY = 250;
-
-export default {
-  components: {
-    GlDropdown,
-    GlIcon,
-    GlSearchBoxByType,
-    GlSkeletonLoader,
-    GlAvatarLabeled,
-    GlDropdownItem,
-  },
-  DEBOUNCE_DELAY,
-  i18n: {
-    addAnApprover: s__('ApproversSelectDropdown|add an approver'),
-    noResults: s__('ApproversSelectDropdown|No matching results'),
-    placeholder: s__('ApproversSelectDropdown|Search users or groups'),
-  },
-  inject: ['projectId'],
-  props: {
-    skipGroupIds: {
-      type: Array,
-      required: true,
-    },
-    skipUserIds: {
-      type: Array,
-      required: true,
-    },
-  },
-  data: () => {
-    return {
-      returnedItems: [],
-      searchValue: '',
-      loading: false,
-    };
-  },
-  computed: {
-    hasItems() {
-      return this.returnedItems.length > 0;
-    },
-  },
-  methods: {
-    label(item) {
-      return this.isUser(item) ? item.name : item.full_name;
-    },
-    subLabel(item) {
-      return this.isUser(item) ? `@${item.username}` : item.full_path;
-    },
-    avatarShape(item) {
-      return this.isUser(item) ? AVATAR_SHAPE_OPTION_CIRCLE : AVATAR_SHAPE_OPTION_RECT;
-    },
-    onHide() {
-      this.searchValue = '';
-      this.returnedItems = [];
-    },
-    isUser(item) {
-      return item.type === USER_TYPE;
-    },
-    onClick(index) {
-      this.$emit('selected', this.returnedItems[index]);
-    },
-    async filterItems(value) {
-      this.loading = true;
-      try {
-        const response = await this.fetchGroupsAndUsers(value);
-        this.returnedItems = groupApprovers(response);
-      } catch (error) {
-        this.returnedItems = [];
-        this.$emit('apiError', error.message);
-      } finally {
-        this.loading = false;
-      }
-    },
-    async fetchGroupsAndUsers(term) {
-      const groupsAsync = this.fetchGroups(term);
-      const usersAsync = this.fetchUsers(term);
-
-      const response = await Promise.all([groupsAsync, usersAsync]);
-      return [...response[0], ...response[1]];
-    },
-    async fetchGroups(term) {
-      const hasTerm = term.trim().length > MINIMUM_ALLOWED;
-
-      return Api.projectGroups(this.projectId, {
-        skip_groups: this.skipGroupIds,
-        ...(hasTerm ? { search: term } : {}),
-        with_shared: true,
-        shared_visible_only: true,
-        shared_min_access_level: DEVELOPER_ACCESS_LEVEL,
-      });
-    },
-    async fetchUsers(term) {
-      const newTerm = term.trim().length > MINIMUM_ALLOWED ? term.trim() : '';
-      return Api.projectUsers(this.projectId, newTerm, {
-        skip_users: this.skipUserIds,
-      });
-    },
-  },
-};
-</script>
-
-<template>
-  <gl-dropdown
-    variant="link"
-    class="gl-max-w-full"
-    toggle-class="gl-max-w-full gl-align-items-center gl-text-truncate"
-    boundary="viewport"
-    @hide="onHide"
-  >
-    <template #header>
-      <gl-search-box-by-type
-        v-model="searchValue"
-        :debounce="$options.DEBOUNCE_DELAY"
-        class="gl-display-grid"
-        :placeholder="$options.i18n.placeholder"
-        @input="filterItems"
-      />
-    </template>
-    <template #button-content>
-      <gl-icon name="plus" class="gl-mr-2" />
-      {{ $options.i18n.addAnApprover }}
-    </template>
-    <div v-if="loading" class="gl-px-5">
-      <gl-skeleton-loader :width="400" :height="172">
-        <rect width="380" height="20" x="10" y="15" rx="4" />
-        <rect width="280" height="20" x="10" y="50" rx="4" />
-        <rect width="330" height="20" x="10" y="85" rx="4" />
-      </gl-skeleton-loader>
-    </div>
-    <gl-dropdown-item
-      v-for="(item, index) in returnedItems"
-      v-else-if="hasItems"
-      :key="index"
-      @click="onClick(index)"
-    >
-      <gl-avatar-labeled
-        :size="32"
-        :shape="avatarShape(item)"
-        :label="label(item)"
-        :sub-label="subLabel(item)"
-        :src="item.avatar_url"
-        :entity-name="item.name"
-        :alt="item.name"
-      />
-    </gl-dropdown-item>
-    <p v-else class="gl-mx-5" data-testid="no-results">{{ $options.i18n.noResults }}</p>
-  </gl-dropdown>
-</template>
diff --git a/ee/app/assets/javascripts/threat_monitoring/components/policy_editor/scan_result_policy/policy_action_builder.vue b/ee/app/assets/javascripts/threat_monitoring/components/policy_editor/scan_result_policy/policy_action_builder.vue
index f9f96fed92bb67..c1fd280427af1f 100644
--- a/ee/app/assets/javascripts/threat_monitoring/components/policy_editor/scan_result_policy/policy_action_builder.vue
+++ b/ee/app/assets/javascripts/threat_monitoring/components/policy_editor/scan_result_policy/policy_action_builder.vue
@@ -9,15 +9,13 @@ import {
 } from '@gitlab/ui';
 import { s__ } from '~/locale';
 import { AVATAR_SHAPE_OPTION_CIRCLE, AVATAR_SHAPE_OPTION_RECT } from '~/vue_shared/constants';
-import ApproversSelectDropdown from '../approvers_select_dropdown.vue';
-import { groupApprovers, decomposeApprovers, groupIds, userIds, USER_TYPE } from './lib/actions';
+import { groupApprovers, decomposeApprovers, USER_TYPE } from './lib/actions';
 
 export default {
   components: {
     GlSprintf,
     GlForm,
     GlFormInput,
-    ApproversSelectDropdown,
     GlToken,
     GlAvatarLabeled,
   },
@@ -41,14 +39,6 @@ export default {
       approvers: groupApprovers(this.existingApprovers),
     };
   },
-  computed: {
-    groupIds() {
-      return groupIds(this.approvers);
-    },
-    userIds() {
-      return userIds(this.approvers);
-    },
-  },
   watch: {
     approvers(values) {
       this.action = decomposeApprovers(this.action, values);
@@ -69,9 +59,6 @@ export default {
         (approver) => approver.type !== removedApprover.type || approver.id !== removedApprover.id,
       );
     },
-    selectedApprover(approver) {
-      this.approvers.push(approver);
-    },
     avatarShape(approver) {
       return this.isUser(approver) ? AVATAR_SHAPE_OPTION_CIRCLE : AVATAR_SHAPE_OPTION_RECT;
     },
@@ -130,12 +117,6 @@ export default {
               :alt="approver.name"
             />
           </gl-token>
-          <approvers-select-dropdown
-            class="gl-m-2"
-            :skip-user-ids="userIds"
-            :skip-group-ids="groupIds"
-            @selected="selectedApprover"
-          />
         </template>
       </gl-sprintf>
     </gl-form>
diff --git a/ee/spec/frontend/threat_monitoring/components/policy_editor/approvers_select_dropdown_spec.js b/ee/spec/frontend/threat_monitoring/components/policy_editor/approvers_select_dropdown_spec.js
deleted file mode 100644
index fe959263252b6f..00000000000000
--- a/ee/spec/frontend/threat_monitoring/components/policy_editor/approvers_select_dropdown_spec.js
+++ /dev/null
@@ -1,220 +0,0 @@
-import {
-  GlDropdown,
-  GlSearchBoxByType,
-  GlSkeletonLoader,
-  GlAvatarLabeled,
-  GlDropdownItem,
-} from '@gitlab/ui';
-import { mount, shallowMount } from '@vue/test-utils';
-import MockAdapter from 'axios-mock-adapter';
-import ApproversSelectDropdown from 'ee/threat_monitoring/components/policy_editor/approvers_select_dropdown.vue';
-import axios from '~/lib/utils/axios_utils';
-import waitForPromises from 'helpers/wait_for_promises';
-import Api from 'ee/api';
-
-const USER_DATA_RAW = {
-  id: 1,
-  name: 'userName',
-  username: 'userName',
-  state: 'active',
-  avatar_url: '',
-  web_url: '',
-};
-const GROUP_DATA_RAW = {
-  id: 1,
-  name: 'name',
-  full_path: 'full_path',
-  full_name: 'full_name',
-  avatar_url: '',
-  web_url: '',
-};
-
-const USER_DATA = { ...USER_DATA_RAW, type: 'user' };
-const GROUP_DATA = { ...GROUP_DATA_RAW, type: 'group' };
-
-const AVATAR_USER_DATA = {
-  alt: 'userName',
-  'entity-name': 'userName',
-  label: 'userName',
-  shape: 'circle',
-  sublabel: '@userName',
-  labellink: '',
-  size: '32',
-  src: '',
-  sublabellink: '',
-};
-const AVATAR_GROUP_DATA = {
-  alt: 'name',
-  'entity-name': 'name',
-  label: 'full_name',
-  shape: 'rect',
-  sublabel: 'full_path',
-  labellink: '',
-  size: '32',
-  src: '',
-  sublabellink: '',
-};
-
-const SKIP_GROUP_IDS = [2];
-const SKIP_USER_IDS = [3];
-
-const PROJECT_ID = '1';
-
-describe('ApproversSelectDropdown', () => {
-  let mock;
-
-  let wrapper;
-
-  const factory = (propsData = {}, data = {}, mountFunc = shallowMount) => {
-    wrapper = mountFunc(ApproversSelectDropdown, {
-      propsData: {
-        skipGroupIds: SKIP_GROUP_IDS,
-        skipUserIds: SKIP_USER_IDS,
-        ...propsData,
-      },
-      data() {
-        return {
-          ...data,
-        };
-      },
-      provide: {
-        projectId: PROJECT_ID,
-      },
-    });
-  };
-
-  afterEach(() => {
-    wrapper.destroy();
-  });
-
-  const findAllDropdownItems = () => wrapper.findAllComponents(GlDropdownItem);
-  const findAllAvatarLabeled = () => wrapper.findAllComponents(GlAvatarLabeled);
-  const findDropdown = () => wrapper.findComponent(GlDropdown);
-  const findSearchBox = () => wrapper.findComponent(GlSearchBoxByType);
-  const findSkeletonLoader = () => wrapper.findComponent(GlSkeletonLoader);
-  const findNoResultText = () => wrapper.find('[data-testid="no-results"]');
-
-  describe.each`
-    isLoading | showsNoResult | showsSkeletonLoader | showsItems | existingItems
-    ${false}  | ${true}       | ${false}            | ${false}   | ${[]}
-    ${false}  | ${false}      | ${false}            | ${true}    | ${[USER_DATA]}
-    ${true}   | ${false}      | ${true}             | ${false}   | ${[]}
-    ${true}   | ${false}      | ${true}             | ${false}   | ${[USER_DATA]}
-  `(
-    'when loading equals to $isLoading and there are $existingItems.length existing items',
-    ({ isLoading, showsNoResult, showsSkeletonLoader, showsItems, existingItems }) => {
-      beforeEach(() => {
-        factory({}, { loading: isLoading, returnedItems: existingItems });
-      });
-
-      it(`renders the dropdown ${showsItems ? 'with' : 'without'} items`, () => {
-        expect(findDropdown().exists()).toBe(true);
-        expect(findAllDropdownItems().exists()).toBe(showsItems);
-      });
-
-      it(`does ${showsNoResult ? '' : 'not'} render no matching results text`, () => {
-        expect(findNoResultText().exists()).toBe(showsNoResult);
-      });
-
-      it(`does ${showsSkeletonLoader ? '' : 'not'} render skeleton loader`, () => {
-        expect(findSkeletonLoader().exists()).toBe(showsSkeletonLoader);
-      });
-
-      it(`does ${showsItems ? '' : 'not'} render the avatar labeled`, () => {
-        expect(findAllAvatarLabeled().exists()).toBe(showsItems);
-      });
-    },
-  );
-
-  describe.each`
-    existingItems              | expectedAvatarAttributes
-    ${[USER_DATA]}             | ${[AVATAR_USER_DATA]}
-    ${[GROUP_DATA]}            | ${[AVATAR_GROUP_DATA]}
-    ${[USER_DATA, GROUP_DATA]} | ${[AVATAR_USER_DATA, AVATAR_GROUP_DATA]}
-  `('with user and/or group data', ({ existingItems, expectedAvatarAttributes }) => {
-    it('renders the avatar labeled for $existingItems[0].type', () => {
-      factory({}, { returnedItems: existingItems });
-
-      expect(findAllAvatarLabeled()).toHaveLength(existingItems.length);
-      expect(findAllAvatarLabeled().wrappers.map((avatar) => avatar.attributes())).toEqual(
-        expectedAvatarAttributes,
-      );
-    });
-  });
-
-  it('triggers selected when a dropdown item is clicked', async () => {
-    factory({}, { returnedItems: [USER_DATA] });
-
-    await findAllDropdownItems().at(0).vm.$emit('click');
-
-    expect(wrapper.emitted().selected).toEqual([[USER_DATA]]);
-  });
-
-  describe('when search box input is changed', () => {
-    beforeEach(() => {
-      mock = new MockAdapter(axios);
-      mock.onGet('/api/undefined/projects/1/users').reply(200, [USER_DATA_RAW]);
-      mock.onGet('/api/undefined/projects/1/groups.json').reply(200, [GROUP_DATA_RAW]);
-      factory({}, {}, mount);
-    });
-
-    afterEach(() => {
-      mock.restore();
-    });
-
-    it('updates the dropdown items', async () => {
-      expect(findAllDropdownItems()).toHaveLength(0);
-
-      await findSearchBox().vm.$emit('input', 'name');
-      await waitForPromises();
-
-      expect(findAllDropdownItems()).toHaveLength(2);
-    });
-
-    it('renders skeleton loader before returning the promises', async () => {
-      expect(findSkeletonLoader().exists()).toBe(false);
-
-      await findSearchBox().vm.$emit('input', 'name');
-
-      expect(findSkeletonLoader().exists()).toBe(true);
-    });
-
-    it('triggers api calls using skipGroupIds and skipUserIds', async () => {
-      const searchTerm = 'name';
-      jest.spyOn(Api, 'projectUsers');
-      jest.spyOn(Api, 'projectGroups');
-
-      await findSearchBox().vm.$emit('input', searchTerm);
-
-      expect(Api.projectGroups).toHaveBeenCalledWith(
-        PROJECT_ID,
-        expect.objectContaining({ skip_groups: SKIP_GROUP_IDS }),
-      );
-      expect(Api.projectUsers).toHaveBeenCalledWith(
-        PROJECT_ID,
-        searchTerm,
-        expect.objectContaining({ skip_users: SKIP_USER_IDS }),
-      );
-    });
-  });
-
-  describe('when the Api response is a 404', () => {
-    beforeEach(() => {
-      mock = new MockAdapter(axios);
-      mock.onGet('/api/undefined/projects/1/users').reply(404);
-      mock.onGet('/api/undefined/projects/1/groups.json').reply(404);
-      factory({}, {}, mount);
-    });
-
-    afterEach(() => {
-      mock.restore();
-    });
-
-    it('emits an apiError with the error message', async () => {
-      await findSearchBox().vm.$emit('input', 'name');
-      await waitForPromises();
-
-      expect(wrapper.emitted().apiError).toEqual([['Request failed with status code 404']]);
-    });
-  });
-});
diff --git a/ee/spec/frontend/threat_monitoring/components/policy_editor/scan_result_policy/policy_action_builder_spec.js b/ee/spec/frontend/threat_monitoring/components/policy_editor/scan_result_policy/policy_action_builder_spec.js
index dfaf0267bdc1a4..7ea45de359046b 100644
--- a/ee/spec/frontend/threat_monitoring/components/policy_editor/scan_result_policy/policy_action_builder_spec.js
+++ b/ee/spec/frontend/threat_monitoring/components/policy_editor/scan_result_policy/policy_action_builder_spec.js
@@ -2,7 +2,6 @@ import { GlFormInput, GlToken } from '@gitlab/ui';
 import { mount } from '@vue/test-utils';
 import { nextTick } from 'vue';
 import PolicyActionBuilder from 'ee/threat_monitoring/components/policy_editor/scan_result_policy/policy_action_builder.vue';
-import ApproversSelectDropdown from 'ee/threat_monitoring/components/policy_editor/approvers_select_dropdown.vue';
 
 const APPROVER_1 = {
   id: 1,
@@ -22,15 +21,6 @@ const APPROVER_2 = {
   avatar_url: '',
 };
 
-const NEW_APPROVER = {
-  id: 3,
-  name: 'name2',
-  state: 'active',
-  username: 'username2',
-  web_url: '',
-  avatar_url: '',
-};
-
 const APPROVERS = [APPROVER_1, APPROVER_2];
 
 const APPROVERS_IDS = APPROVERS.map((approver) => approver.id);
@@ -58,15 +48,13 @@ describe('PolicyActionBuilder', () => {
 
   const findApprovalsRequiredInput = () => wrapper.findComponent(GlFormInput);
   const findAllGlTokens = () => wrapper.findAllComponents(GlToken);
-  const findAddApproverDropdown = () => wrapper.findComponent(ApproversSelectDropdown);
 
-  it('renders approvals required form input, gl-tokens and add approver button', async () => {
+  it('renders approvals required form input, gl-tokens', async () => {
     factory();
     await nextTick();
 
     expect(findApprovalsRequiredInput().exists()).toBe(true);
     expect(findAllGlTokens().length).toBe(APPROVERS.length);
-    expect(findAddApproverDropdown().exists()).toBe(true);
   });
 
   it('triggers an update when changing approvals required', async () => {
@@ -106,27 +94,4 @@ describe('PolicyActionBuilder', () => {
     ]);
     expect(findAllGlTokens()).toHaveLength(approversLengthMinusOne);
   });
-
-  it('adds one approver gl-token when triggering a new user is selected', async () => {
-    factory();
-    await nextTick();
-
-    const allGlTokens = findAllGlTokens();
-    const approversLengthPlusOne = APPROVERS.length + 1;
-
-    expect(allGlTokens.length).toBe(APPROVERS.length);
-
-    await findAddApproverDropdown().vm.$emit('selected', { ...NEW_APPROVER, type: 'user' });
-
-    expect(wrapper.emitted().changed).toEqual([
-      [
-        {
-          approvals_required: ACTION.approvals_required,
-          user_approvers_ids: [APPROVER_1.id, APPROVER_2.id, NEW_APPROVER.id],
-          group_approvers_ids: [],
-        },
-      ],
-    ]);
-    expect(findAllGlTokens()).toHaveLength(approversLengthPlusOne);
-  });
 });
diff --git a/locale/gitlab.pot b/locale/gitlab.pot
index 6b0bc52dc1c60c..23ffb2c1bdd399 100644
--- a/locale/gitlab.pot
+++ b/locale/gitlab.pot
@@ -4618,15 +4618,6 @@ msgstr ""
 msgid "Approvers from private group(s) not shown"
 msgstr ""
 
-msgid "ApproversSelectDropdown|No matching results"
-msgstr ""
-
-msgid "ApproversSelectDropdown|Search users or groups"
-msgstr ""
-
-msgid "ApproversSelectDropdown|add an approver"
-msgstr ""
-
 msgid "Apr"
 msgstr ""
 
-- 
GitLab