Add maximum SEP `action` count application setting and policy editor validation
Why are we doing this work
We need to add an upper limit for the number of actions per Scan execution policy and add a validation error message to the policy editor UI.
We don't enforce the action limit in the JSON schema, because (a) we can't control the schema with feature flags, and (b) all other policies would get invalidated as a result if there is at least one offending SEP.
When the setting is enabled, only the first 10 actions of a policy are processed.
Relevant links
Non-functional requirements
-
Documentation: we need to update our documentation to mention the newly introduced application setting. -
Feature flag: - we need feature flags for projects and groups that control whether the application setting gets enforced.
- should use the same feature flag that #472214 (closed) uses to enforce the setting.
-
Performance: -
Testing:
Implementation plan
DO NOT enable the feature flag prior to %18.0 since this is a breaking change.
- backend Add an application setting and a feature-flagged policy editor validation (draft)
-
backend extend
EE::SecurityOrchestrationHelper#orchestration_policy_datato pass down the application setting under amax_scan_execution_policy_actionskey
Verification steps
Edited by Dominic Bauer