Support existing policies as we introduce policy scope
As we complete &5510 (closed), we are introducing the concept of a policy scope. Existing policies may currently be enforced against a set of projects based entirely on the way they are linked.
In the future, we will add the scope check, which takes effect after any links have been established. This allows users to suppress policies in an SPP from being enforced on all linked repos, so the desired policies are granularly enforced.
This issue will confirm and validate we appropriately handle this for all existing use cases:
- SaaS instance with a single policy enforced against multiple subgroups
- Self-managed instance with a single policy enforced against multiple top-level groups
Figma dev mode link:
Implementation Plan
- backend: Introduce the following GraphQL type:
```ruby
# frozen_string_literal: true

module Types
  module SecurityOrchestration
    # rubocop: disable Graphql/AuthorizeTypes
    class PolicyScopeType < BaseObject
      # rubocop: enable Graphql/AuthorizeTypes
      graphql_name 'PolicyScope'

      authorize []

      # Compliance frameworks that select the projects in scope.
      field :compliance_frameworks, [::Types::ComplianceManagement::ComplianceFrameworkType],
        null: false,
        description: 'Compliance Frameworks linked to the policy.'

      # Explicit allow list of projects.
      field :including_projects, [::Types::ProjectType],
        null: false,
        description: 'Projects to which the policy should be applied to.'

      # Explicit deny list of projects.
      field :excluding_projects, [::Types::ProjectType],
        null: false,
        description: 'Projects to which the policy should not be applied to.'
    end
  end
end
```
- backend: Update GraphQL types to add the `policy_scope` field
- frontend: Update the list component to include a scope column
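
The ordering described in this issue (the link is established first, the scope check runs afterwards) as an added Ruby example; it is not GitLab's implementation. The names `PolicyScope`, `Project`, `policy_enforced?` and `enforced_ids` are hypothetical, and the rules for a missing scope, empty lists and exclusion precedence are assumptions chosen so that existing policies keep being enforced.

```ruby
# Added illustration, not GitLab code. Assumed semantics (not stated in the issue):
#  - a policy without a scope behaves as before: every linked project is covered
#  - an empty include list or framework list means "no restriction"
#  - an exclusion always wins over an inclusion
PolicyScope = Struct.new(:compliance_frameworks, :including_projects,
                         :excluding_projects, keyword_init: true)
Project = Struct.new(:id, :frameworks, keyword_init: true)

# linked_ids: ids of the projects linked to the security policy project (SPP).
def policy_enforced?(project, linked_ids, scope)
  # The link is checked first, so a scope can only narrow enforcement, never widen it.
  return false unless linked_ids.include?(project.id)
  # Pre-existing policy with no scope: stays enforced (fail closed).
  return true if scope.nil?

  return false if scope.excluding_projects.include?(project.id)

  unless scope.including_projects.empty?
    return false unless scope.including_projects.include?(project.id)
  end

  unless scope.compliance_frameworks.empty?
    return false if (scope.compliance_frameworks & project.frameworks).empty?
  end

  true
end

# Ids of the projects on which the policy is actually enforced.
def enforced_ids(projects, linked_ids, scope)
  projects.select { |p| policy_enforced?(p, linked_ids, scope) }.map(&:id)
end

# Constructed sample data: project 4 is not linked to the SPP.
PROJECTS = [
  Project.new(id: 1, frameworks: ['SOC2']),
  Project.new(id: 2, frameworks: []),
  Project.new(id: 3, frameworks: ['SOC2']),
  Project.new(id: 4, frameworks: ['SOC2'])
].freeze
LINKED = [1, 2, 3].freeze
```

Under these assumptions a scope naming an unlinked project has no effect, which is the property to check when validating that introducing scope cannot extend a policy beyond its links.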