Add `scan_execution_policies` endpoint to the Kubernetes internal API
Why are we doing this work
To facilitate allowing scan execution policies to enforce scans on agents, we need to provide the Agent with an API endpoint which it can use in order to retrieve security policies.
Relevant links
Non-functional requirements
-
Documentation: Document this endpoint in the internal API documentation -
Feature flag: -
Performance: -
Testing: See !69022 (merged) for an example of how this can be tested
Implementation plan
Add a GET internal/kubernetes/modules/starboard_vulnerability/scan_execution_policies
endpoint to the internal API
at ee/lib/ee/api/internal/kubernetes.rb
.
This endpoint will:
- Return a 404 error if the
security_orchestration_policies
feature is not available - Use
PolicyFinder
(to be added with #347066 (closed)) in order to query for the policies affectingagent.project
and return them in the API response.
Edited by Sashi Kumar Kumaresan