Sync merge request approval rules based on scan result policies update
Why are we doing this work
As an application security engineer or compliance manager, I expect that when I make changes to a security approval policy, it will apply to ALL merge requests regardless of whether they were created before or after I make the change.
Relevant links
Non-functional requirements
- Documentation:
- Feature flag:
- Performance:
- Testing:
Implementation plan
- backend: Reuse the existing process_scan_result_policy_service, which currently deletes outdated project approval rules and creates new ones based on scan result policies.
- backend: Add sync_report_approver_approval_rules so merge request approval rules will be created/updated based on the recently created project approval rules. This will be the actual syncing.
- backend: Create a new service to delete orphan merge request approval rules (related to the table approval_merge_request_rule_sources; scan_finding only). This step will only be required if the number of rules is reduced or if they changed radically.
- documentation: Update docs by removing the constraint that once the merge request is created, approval rules are not updated if the scan result policy changes.
Verification steps
Edited by Zamir Martins
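The sync and orphan-cleanup steps of the implementation plan, sketched as an added in-memory Ruby model; this is not GitLab's code. The `ProjectRule` and `MrRule` structs, the `source_id` field (standing in for the link kept in approval_merge_request_rule_sources), and the assumption that a surviving project rule keeps its id across a policy update are all hypothetical.

```ruby
# Added illustration: an in-memory model of the plan, not GitLab's implementation.
ProjectRule = Struct.new(:id, :name, :approvals_required, :report_type, keyword_init: true)
# source_id is a hypothetical stand-in for the approval_merge_request_rule_sources link.
MrRule = Struct.new(:name, :approvals_required, :report_type, :source_id, keyword_init: true)

# Sync step: create or update merge request rules from the current project rules.
def sync_mr_rules(mr_rules, project_rules)
  project_rules.select { |p| p.report_type == :scan_finding }.each do |p|
    rule = mr_rules.find { |r| r.source_id == p.id }
    if rule
      rule.name = p.name
      rule.approvals_required = p.approvals_required
    else
      mr_rules << MrRule.new(name: p.name, approvals_required: p.approvals_required,
                             report_type: :scan_finding, source_id: p.id)
    end
  end
  mr_rules
end

# Cleanup step: drop scan_finding rules whose source project rule is gone.
# Rules of any other report type are left alone.
def delete_orphans(mr_rules, project_rules)
  live_ids = project_rules.map(&:id)
  mr_rules.reject! { |r| r.report_type == :scan_finding && !live_ids.include?(r.source_id) }
  mr_rules
end

# Constructed sample: an open merge request holds two scan_finding rules and one
# unrelated rule; the policy update tightens rule 1 and removes rule 2.
def demo
  mr_rules = [
    MrRule.new(name: "Critical findings", approvals_required: 1, report_type: :scan_finding, source_id: 1),
    MrRule.new(name: "High findings", approvals_required: 1, report_type: :scan_finding, source_id: 2),
    MrRule.new(name: "License check", approvals_required: 1, report_type: :license_scanning, source_id: 3)
  ]
  project_rules = [
    ProjectRule.new(id: 1, name: "Critical findings", approvals_required: 2, report_type: :scan_finding),
    ProjectRule.new(id: 3, name: "License check", approvals_required: 1, report_type: :license_scanning)
  ]
  delete_orphans(sync_mr_rules(mr_rules, project_rules), project_rules)
end

puts demo.map { |r| "#{r.name}: #{r.approvals_required}" } if __FILE__ == $PROGRAM_NAME
```

Without the cleanup step, the merge request would keep enforcing the removed "High findings" rule even though no policy backs it any longer.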