Discussion for #374602 Situation 4 invalid approver configurations
Problem
"dead-end policy": When a policy requires 2 approvals from 2 people and a group of 2 people, one of the approvers becomes invalid, and the policy will never be approved, which means the MR with the policy will never be merged. In this case, we want to warn users.
This can happen after the policy is created.
Potential solution
Failing open is not acceptable to security rules. Because users need to meet strict compliance regulations, they need these rules to "fail closed" and block the merge request until the rule is fixed. We need to design better messaging for this scenario.
We can try to prevent it during MR creation; it will cover most cases. But there is still a small change this will happen after the MR creation.
Please see the design area
- Show the message on the MR page
- Do a check before MR is created
Edited by Camellia X Yang