BE: Create GraphQL mutation to create Security Policy Project
Why are we doing this work
We want to be able to create a new project to store Scan Execution Policies through a GraphQL API mutation, so that project owners can do that easily.
The new mutation should accept 2 arguments: projectId (ID of the project for which we are creating the Security Policy Project) and name (name of the desired project).
The newly created project with policies should have permissions defined according to the requirement:
The new project will be pre-configured with all Production Project maintainers added to the new Security Policy Project with Developer permissions
Relevant links
Non-functional requirements
- Documentation: add GraphQL documentation for the new mutation,
- Feature flag: security_orchestration_policies_configuration; the feature and the new GraphQL mutation will be hidden behind the feature flag,
- [-] Performance:
- Testing:
  - test if the GraphQL mutation is available only when the feature flag is enabled,
  - test if the GraphQL mutation properly creates the new permissions for Maintainers,
  - test if the GraphQL mutation returns a valid error message if a security policy project already exists for the given project,
  - test if the new project has a protected default branch that does not allow direct pushes to it: #335661 (closed)
Implementation plan
- backend: prepare a new service Security::SecurityOrchestrationPolicies::ProjectCreateService to create the new project and set up authorization (get all maintainers from the current project (in groups or individually) and assign them to the new project with Developer max role),
- backend: prepare a new GraphQL mutation securityPolicyProjectCreate to create the Security Policy Project, which accepts the argument projectPath (path of the project for which we are creating the Security Policy Project)
- backend: prepare a new GraphQL mutation securityPolicyProjectAssign to assign a security policy project, which accepts the arguments projectPath (path of the project for which we are assigning the Security Policy Project) and securityPolicyProjectPath (path of the security policy project)
Edited by Sashi Kumar Kumaresan
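The authorization step in the implementation plan, as an added plain-Ruby sketch that is not part of the original issue and is not GitLab's ProjectCreateService: maintainers found directly or through a group are de-duplicated and added to the new project as Developers, a second creation attempt returns an error, and the default branch is marked protected. The structs, function names, error text and sample data are assumptions made for illustration; the sketch reads "maintainers" literally as the Maintainer role only.

```ruby
# Added sketch: an in-memory model, not GitLab code.
# Numeric levels mirror Gitlab::Access (DEVELOPER = 30, MAINTAINER = 40).
DEVELOPER  = 30
MAINTAINER = 40

# Hypothetical stand-ins for project membership and project records.
Member  = Struct.new(:user, :access_level)
Project = Struct.new(:path, :direct_members, :group_members, :policy_project,
                     :default_branch_protected, keyword_init: true)

# Users holding the Maintainer role, individually or through a group,
# each returned once even if both memberships exist.
def maintainers_of(project)
  (project.direct_members + project.group_members)
    .select { |m| m.access_level == MAINTAINER }
    .map(&:user)
    .uniq
end

# Returns { project:, errors: } in the style of a mutation payload.
def create_security_policy_project(project, name:)
  if project.policy_project
    # Constructed error text; the real message is not given in the issue.
    return { project: nil, errors: ['Security Policy project already exists.'] }
  end

  policy_project = Project.new(
    path: name,
    # Maintainers of the source project are capped at Developer here.
    direct_members: maintainers_of(project).map { |u| Member.new(u, DEVELOPER) },
    group_members: [],
    policy_project: nil,
    default_branch_protected: true # policy changes cannot be pushed directly
  )
  project.policy_project = policy_project
  { project: policy_project, errors: [] }
end

# Constructed sample: alice is a maintainer both directly and via a group.
def sample_project
  Project.new(
    path: 'acme/shop',
    direct_members: [Member.new('alice', MAINTAINER), Member.new('bob', DEVELOPER)],
    group_members: [Member.new('alice', MAINTAINER), Member.new('carol', MAINTAINER)],
    policy_project: nil,
    default_branch_protected: false
  )
end
```

The four checks under Testing map onto this model directly, except the feature-flag check, which the sketch does not model.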