Scan Result Policy editor UI is incorrectly validating policies before saving
Summary
The policy editor for scan result policies does validation, but it doesn't use the schema because rule mode doesn't handle every case. Instead, the attributes that rule mode supports are hard-coded (e.g. type, user_approvers, etc.). The bug is that this non-schema validation is also used to check the policy before saving, which is incorrect. The user should be able to save whatever they want in yaml mode and let the backend validate it against the schema, rather than having the frontend validate against non-schema values.
Steps to reproduce
- Navigate to a project => Security & Compliance => Policies => New Policy => Scan result => yaml mode
- Copy/paste the below policy into the policy editor and save the policy
```yaml
type: scan_result_policy
name: 'test'
description: ''
enabled: true
rules:
  - type: ''
actions:
  - type: require_approval
    approvals_required: 1
    user_approvers: []
    test: 'f'
```
Example Project
TBD
What is the current bug behavior?
The policy does not save
What is the expected correct behavior?
The policy should save
Relevant logs and/or screenshots
TBD
Possible fixes
- frontend: replicate "Remove validation of scan execution policy yaml..." (!98729 - merged) for the scan result code
- frontend: the schema is retrieved, so the frontend could remove the hardcoded values and use the schema to check if rule mode is disabled ("won't do" because this would prevent the backend from adding new values to the schema without also having to disable rule mode for them manually, which adds a connection between the backend and frontend that I don't think is appropriate)
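The following is an added illustration, not GitLab's code, of the distinction the summary and the second "possible fix" rely on: the hard-coded attribute list answers "can rule mode render this policy?", while "may this policy be saved?" belongs to the backend schema. All function names, the attribute sets, and the `backendValidate` stand-in are hypothetical; the two policy objects are constructed, the first mirroring the YAML from the reproduction steps, the second using an attribute only the (hypothetical) backend schema knows about.

```javascript
// Added example, not GitLab's own code. Names and attribute sets are hypothetical.

// Hypothetical hard-coded attributes that the rule-mode UI knows how to render.
const RULE_MODE_RULE_TYPES = new Set(['scan_finding']);
const RULE_MODE_ACTION_TYPES = new Set(['require_approval']);
const RULE_MODE_ACTION_KEYS = new Set(['type', 'approvals_required', 'user_approvers']);

// Hypothetical backend schema: a superset of what rule mode renders, so the backend
// can grow without the frontend changing (the concern raised in the second fix).
const SCHEMA_ACTION_KEYS = new Set([...RULE_MODE_ACTION_KEYS, 'new_backend_attribute']);

// True when every rule and action uses only attributes rule mode can render.
// Right question for enabling the rule-mode toggle; wrong question for saving.
function isRuleModeSupported(policy) {
  const rules = Array.isArray(policy.rules) ? policy.rules : [];
  const actions = Array.isArray(policy.actions) ? policy.actions : [];
  const rulesOk = rules.every((r) => RULE_MODE_RULE_TYPES.has(r.type));
  const actionsOk = actions.every(
    (a) => RULE_MODE_ACTION_TYPES.has(a.type)
      && Object.keys(a).every((k) => RULE_MODE_ACTION_KEYS.has(k)),
  );
  return rulesOk && actionsOk;
}

// Save gate as described in the report: reuses the rule-mode check, so any
// attribute the UI does not know about blocks saving, even in yaml mode.
function canSaveBuggy(policy) {
  return isRuleModeSupported(policy);
}

// Fixed save gate for yaml mode: the frontend only requires that the yaml parsed
// to an object. The authoritative check is the backend's schema validation.
function canSaveFixed(policy) {
  return policy !== null && typeof policy === 'object' && !Array.isArray(policy);
}

// Stand-in for server-side schema validation. A hand-written subset, not the real
// policy schema; it exists only to show where validation belongs.
function backendValidate(policy) {
  const errors = [];
  if (policy.type !== 'scan_result_policy') errors.push('type must be scan_result_policy');
  if (typeof policy.name !== 'string' || policy.name === '') errors.push('name is required');
  (policy.rules || []).forEach((r, i) => {
    if (typeof r.type !== 'string' || r.type === '') errors.push(`rules[${i}].type is required`);
  });
  (policy.actions || []).forEach((a, i) => {
    Object.keys(a).forEach((k) => {
      if (!SCHEMA_ACTION_KEYS.has(k)) errors.push(`actions[${i}]: unknown attribute '${k}'`);
    });
  });
  return { valid: errors.length === 0, errors };
}

// Constructed: the policy from the reproduction steps, as the parsed yaml object.
const reportedPolicy = {
  type: 'scan_result_policy',
  name: 'test',
  description: '',
  enabled: true,
  rules: [{ type: '' }],
  actions: [{ type: 'require_approval', approvals_required: 1, user_approvers: [], test: 'f' }],
};

// Constructed: a policy using an attribute only the hypothetical backend schema knows.
const newAttributePolicy = {
  type: 'scan_result_policy',
  name: 'needs-new-attribute',
  enabled: true,
  rules: [{ type: 'scan_finding' }],
  actions: [{ type: 'require_approval', approvals_required: 1, new_backend_attribute: true }],
};

// Buggy gate blocks both policies; fixed gate lets the backend decide.
console.log('reported   buggy/fixed:', canSaveBuggy(reportedPolicy), canSaveFixed(reportedPolicy));
console.log('newAttr    buggy/fixed:', canSaveBuggy(newAttributePolicy), canSaveFixed(newAttributePolicy));
console.log('backend says:', backendValidate(reportedPolicy), backendValidate(newAttributePolicy));
```

The second policy is the case the "won't do" note is about: rule mode cannot render `new_backend_attribute`, so the toggle is rightly disabled, but the buggy gate also refuses to save it even though the backend schema accepts it. With the fixed gate, rejecting bad policies is the backend's job, which is also the only place the check cannot be bypassed.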
Edited by Alexander Turinske