Prevent Vulnerability-Check or License-Check approval rules from being created manually if the required jobs are not configured.
update: read thread - just stop checking - #235934 (comment 680934189)
As a result of #229825 (closed)
We now have a workflow to create Vulnerability-Check and License-Check rules. A user can manually create them as well, but we should prevent them from being able to create a Security Approval rule if they don't have the proper jobs configured.
Currently, they can create them manually. This causes a false sense of feature enablement. For now we persist the unconfigured
row messaging as seen in the screenshots.
If that solution is ideal, we can stick with it and close this issue out.
Note
Not sure on how likely a user would manually create a rule manually.
Blockers?
Clean up error handling for approval rule creation (#235933 (closed))
Current Behavior
When the needed job is NOT configured in security configuration page AND user manually creates the approval rule, we persist the unconfigured row message.
See:
Initial State:
License-Check
- license-scanning job on the security configuration page is NOT configured AND approval rule is NOT defined
User then goes and creates a License-Check rule manually
- Approval rule created, but job is NOT configured. The user see the approval rule enabled but the job is not configured.
Frontend Implementation plan
-
Parse translated error message if License-Check
orVulnerability-Check
can't be created -
Map new server error translation to a client side validation error and add it to https://gitlab.com/gitlab-org/gitlab/-/blob/v13.7.1-ee/ee/app/assets/javascripts/approvals/components/rule_form.vue#L109 -
Add/Update frontend unit tests.
Should look like something like:
if (this.serverValidationErrors.includes('<NEW SERVER VALIDATION MESSAGE>')) {
error = __('<WHAT EVER MESSAGE WE WANT TO MAP IT TO>');
}
** A more detailed explanation is here**
Suggested Follow-UP Improvement options
- Prevent the user from creating the rule manually