Scan Execution Policy editor UI is incorrectly validating policies before saving
Summary
The frontend is doing some validation, but isn't using the schema because rule mode doesn't handle every case (e.g. all cron syntax or agents (yet)). Instead the rule-mode supported attributes are hard-coded (e.g. type, branches, cadence), but not agents. The bug is that the non-schema validation is also being used to check the policy before saving, which is incorrect. The user should be able to save whatever they want in yaml mode and let the backend validate with the schema, not the frontend with non-schema values.
Steps to reproduce
- Navigate to a project => Security & Compliance => Policies => New Policy => Scan execution => yaml mode
- Copy/paste the below policy into the policy editor and save the policy
```yaml
type: scan_execution_policy
name: "Enforce CIS"
description: "This policy is enforcing cluster image scanning test"
enabled: true
rules:
  - type: schedule
    cadence: "0 * * * *"
    agents:
      agent-name:
        namespaces:
          - default
actions:
  - scan: cluster_image_scanning
```
Example Project
TBD
What is the current bug behavior?
The policy does not save
What is the expected correct behavior?
The policy should save
Relevant logs and/or screenshots
TBD
Possible fixes
- frontend modify fromYaml method so that one can skip validation to allow users to save whatever yaml policy they want, but still allow for validation of whether rule mode is supported
- frontend update all usages of fromYaml in scan_execution_policy_editor
Edited by Alexander Turinske
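
A sketch of the first possible fix, as an added example that is not GitLab's code: the hard-coded rule-mode check becomes opt-in, so the rule-mode toggle uses it while saving forwards the policy untouched for the backend schema to judge. All function and constant names are hypothetical, and the policy is assumed to be already parsed from YAML into an object.

```javascript
// Added illustration. Function and constant names are hypothetical; only the
// policy keys and the three rule-mode attributes come from the issue.
const RULE_MODE_RULE_KEYS = ['type', 'branches', 'cadence'];

// Constructed sample: the policy from the steps to reproduce, already parsed.
const ISSUE_POLICY = {
  type: 'scan_execution_policy',
  name: 'Enforce CIS',
  description: 'This policy is enforcing cluster image scanning test',
  enabled: true,
  rules: [
    { type: 'schedule', cadence: '0 * * * *', agents: { 'agent-name': { namespaces: ['default'] } } },
  ],
  actions: [{ scan: 'cluster_image_scanning' }],
};

// Paths of rule attributes that rule mode cannot render.
function unsupportedRuleKeys(policy) {
  const rules = policy && Array.isArray(policy.rules) ? policy.rules : [];
  return rules.flatMap((rule, i) =>
    Object.keys(rule || {})
      .filter((key) => !RULE_MODE_RULE_KEYS.includes(key))
      .map((key) => `rules[${i}].${key}`));
}

// Stand-in for fromYaml after parsing. The rule-mode check is opt-in, so the
// save path never applies the hard-coded list.
function fromParsedPolicy(policy, { validateRuleMode = false } = {}) {
  if (validateRuleMode) {
    const unsupported = unsupportedRuleKeys(policy);
    if (unsupported.length > 0) return { error: true, unsupported };
  }
  return { error: false, policy };
}

// Rule-mode toggle: needs the hard-coded check.
function canSwitchToRuleMode(policy) {
  return !fromParsedPolicy(policy, { validateRuleMode: true }).error;
}

// Save: forwards the policy unchanged; the backend schema accepts or rejects it.
function payloadForSave(policy) {
  return fromParsedPolicy(policy).policy;
}
```

With the policy from the steps to reproduce, the rule-mode check reports `rules[0].agents` as unsupported, yet the save path still returns the full policy including `agents`.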