Extend group level policies to support the creation of scan result policies
Why are we doing this work
Currently scan result policies are not supported by the group level security policies.
Relevant links
This will follow the design from this epic, with the UX team involved as part of the merge request review process.
Non-functional requirements
- Documentation:
- Feature flag:
- Performance:
- Testing:
Implementation plan
- frontend: add support for scan result policies through POLICY_TYPE_COMPONENT_OPTIONS.scanResult in new policy ee/app/assets/javascripts/security_orchestration/components/policy_editor/new_policy.vue
- frontend: update branch information to be a textbox instead of selected in ee/app/assets/javascripts/security_orchestration/components/policy_editor/scan_result_policy/policy_rule_builder.vue
- backend: extend helper method to include approver information on the group level in ee/app/helpers/ee/security_orchestration_helper.rb
- backend: extract the approvers method or logic into a concern so it can be extended for groups in ee/app/controllers/projects/security/policies_controller.rb
- backend: remove the restriction for project found in ee/app/workers/concerns/update_orchestration_policy_configuration.rb
- backend: replace approval_rules scope from a single project to consider namespace in ee/app/models/concerns/security/scan_result_policy.rb
- backend: add a scope or method to return projects not including security management project in app/models/namespace.rb and/or ee/app/models/concerns/security/scan_result_policy.rb
- backend: updates service to loop through the projects in order to create the rules in ee/app/services/security/security_orchestration_policies/process_scan_result_policy_service.rb
Verification steps
Edited by Zamir Martins