Support existing policies as we introduce policy scope
Description
As we complete &5510 (closed), we are introducing the concept of a policy scope. Existing policies may currently be enforced against a set of projects based entirely on the way they are linked.
In the future, we will add the scope check, which takes effect only after the policy project links have been established. This lets users stop a policy in a security policy project (SPP) from being enforced on every linked project, so each policy is enforced only where it is intended.
This issue will confirm and validate we appropriately handle this for all existing use cases:
- SaaS instance with a single policy enforced against multiple-subgroups
- Self-managed instance with a single policy enforced against multiple top level groups
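As an added example (not GitLab's implementation), the following Ruby sketch shows the evaluation order described above: the link check runs first, and the scope (the same three fields the `PolicyScopeType` below exposes: `compliance_frameworks`, `including_projects`, `excluding_projects`) is applied afterwards. The precedence rules, the `Project`/`PolicyScope` structs and the sample data are assumptions chosen for illustration; in particular, an empty scope is assumed to preserve today's behaviour of enforcing on all linked projects.

```ruby
# Added example, not GitLab code. Assumed semantics for a policy scope:
#   1. A project not linked to the security policy project (SPP) is never in scope.
#   2. excluding_projects wins over every other rule.
#   3. If including_projects is non-empty, only those projects qualify.
#   4. If compliance_frameworks is non-empty, the project must carry one of them.
#   5. An empty scope keeps the existing behaviour: all linked projects.

Project = Struct.new(:id, :compliance_framework_ids, keyword_init: true)

PolicyScope = Struct.new(:compliance_frameworks, :including_projects, :excluding_projects,
                         keyword_init: true) do
  # A scope with no restrictions, i.e. the pre-scope behaviour.
  def self.unscoped
    new(compliance_frameworks: [], including_projects: [], excluding_projects: [])
  end
end

# linked_project_ids: ids of the projects linked to the SPP that owns the policy.
def policy_applies?(scope, project, linked_project_ids)
  return false unless linked_project_ids.include?(project.id)   # rule 1: links first
  return false if scope.excluding_projects.include?(project.id) # rule 2: exclusion wins

  if scope.including_projects.any? && !scope.including_projects.include?(project.id)
    return false                                                # rule 3: explicit allow-list
  end

  if scope.compliance_frameworks.any? &&
     (scope.compliance_frameworks & project.compliance_framework_ids).empty?
    return false                                                # rule 4: framework match
  end

  true
end

# Ids of the candidate projects on which the policy is actually enforced.
def enforced_project_ids(scope, projects, linked_project_ids)
  projects.select { |p| policy_applies?(scope, p, linked_project_ids) }.map(&:id)
end

# Constructed sample data (not taken from the issue). Project 4 is deliberately
# not linked, to show that including it in a scope does not pull it in.
SAMPLE_PROJECTS = [
  Project.new(id: 1, compliance_framework_ids: [10]),
  Project.new(id: 2, compliance_framework_ids: []),
  Project.new(id: 3, compliance_framework_ids: [10, 11]),
  Project.new(id: 4, compliance_framework_ids: [11])
].freeze
SAMPLE_LINKED = [1, 2, 3].freeze

if __FILE__ == $PROGRAM_NAME
  p enforced_project_ids(PolicyScope.unscoped, SAMPLE_PROJECTS, SAMPLE_LINKED)
  only_fw10 = PolicyScope.new(compliance_frameworks: [10], including_projects: [], excluding_projects: [3])
  p enforced_project_ids(only_fw10, SAMPLE_PROJECTS, SAMPLE_LINKED)
end
```

The two cases worth checking when validating the existing SaaS and self-managed setups are the unscoped policy (every linked project must still be enforced) and a scope that names an unlinked project (the link check must still drop it).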
Design
Figma dev mode link: https://www.figma.com/file/3lUtd3hdnfxnkZYVBMHS15/Policy-scope?type=design&node-id=1224%3A4432&mode=dev
Implementation Plan
- backend: Introduce `Types::SecurityOrchestration::PolicyScopeType`
```ruby
# frozen_string_literal: true

module Types
  module SecurityOrchestration
    # rubocop: disable Graphql/AuthorizeTypes
    class PolicyScopeType < BaseObject
      # rubocop: enable Graphql/AuthorizeTypes
      graphql_name 'PolicyScope'

      authorize []

      field :compliance_frameworks, [::Types::ComplianceManagement::ComplianceFrameworkType],
        null: false,
        description: 'Compliance frameworks linked to the policy.'

      field :including_projects, [::Types::ProjectType],
        null: false,
        description: 'Projects to which the policy should be applied.'

      field :excluding_projects, [::Types::ProjectType],
        null: false,
        description: 'Projects to which the policy should not be applied.'
    end
  end
end
```
- backend: Update the `ScanExecutionPolicy` and `ScanResultPolicy` GraphQL types to add a `policy_scope` field
- frontend: Update the list component to include a scope column
Edited by Camellia X Yang