An errored scan execution/result policy prevents any scan execution/result policies from showing up in the policy list
Summary
Staging projects do not load Scan Execution or Scan Result policies for users
From @bwill
It turns out that there was a schema violation in the policy YAML:
[ gstg ] production> policy_configuration.policy_configuration_valid?
=> false
[ gstg ] production> policy_configuration.policy_configuration_validation_errors
=> ["property '/scan_result_policy/0/actions/0/user_approvers' is invalid: error_type=minItems"]
I opened https://staging.gitlab.com/defend-team-test/policy-scan-profile/-/merge_requests/17 to fix this on the staging project (I'm not a project member).
I don't believe this is a bug, but we can improve the UX here. Currently, the GraphQL resolver returns an empty array if the policy YAML is invalid. Instead, we should return the errors so that these can be shown to the user on the frontend. This is similar to #341418 (closed).
What happened was that a scan result policy was initially created with zero user_approvers, then the schema on the backend was updated to require non-zero user_approvers, which broke everything. When one tries to create a scan result policy through the policy editor, it won't let you create an MR if you leave user_approvers empty, so a user should not be able to get into this position through the UI naturally unless they do not use the policy editor and modify the policy.yml without having any checks?
Steps to reproduce
- Navigate to a project in staging with Policies set up
- Modify a policy directly from the policy project yml and make it fail a check
- Navigate to Security & Compliance => Policies
Example Project
https://staging.gitlab.com/defend-team-test/cnp-alert-demo/-/security/policies
What is the current bug behavior?
query scanExecutionPolicies returns no data for me, unlike everyone else
What is the expected correct behavior?
query scanExecutionPolicies returns data for me, like everyone else
Possible fixes
- frontend: show an error on the policy list if a policy fails the schema check
- backend: if a policy fails a schema check, still show the policies in the policy list
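The difference between the current behaviour and the two possible fixes, as an added Ruby sketch that is not GitLab's code: `validation_errors`, `resolve_current` and `resolve_with_errors` are hypothetical names, the policy YAML is constructed, and the hand-written `minItems` check stands in for the real JSON schema validation.

```ruby
require 'yaml'

# Constructed policy.yml: the first policy has the empty user_approvers list
# that produced the minItems error quoted in the issue.
CONFIG = YAML.safe_load(<<~POLICY)
  scan_result_policy:
    - name: Broken approval rule
      actions:
        - type: require_approval
          approvals_required: 1
          user_approvers: []
    - name: Working approval rule
      actions:
        - type: require_approval
          approvals_required: 1
          user_approvers: [alice]
POLICY

# Hand-written stand-in for the schema's minItems rule (not a full validator).
def validation_errors(config)
  Array(config['scan_result_policy']).each_with_index.flat_map do |policy, i|
    Array(policy['actions']).each_with_index.filter_map do |action, j|
      approvers = action['user_approvers']
      next unless approvers.is_a?(Array) && approvers.empty?

      "property '/scan_result_policy/#{i}/actions/#{j}/user_approvers' " \
        'is invalid: error_type=minItems'
    end
  end
end

# Behaviour the issue describes: one violation empties the whole list.
def resolve_current(config)
  validation_errors(config).empty? ? Array(config['scan_result_policy']) : []
end

# Hypothetical alternative: keep every policy, flag the invalid ones, and
# return the errors so the frontend can display them.
def resolve_with_errors(config)
  errors = validation_errors(config)
  policies = Array(config['scan_result_policy']).each_with_index.map do |policy, i|
    { name: policy['name'],
      valid: errors.none? { |e| e.include?("'/scan_result_policy/#{i}/") } }
  end
  { policies: policies, errors: errors }
end

p resolve_current(CONFIG)
p resolve_with_errors(CONFIG)
```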