Skip to content

[Compliance Pipelines][FE] Policy Editor uses params to pre-fill form

Problem to solve

Avoid users entering data manually that we already have.

In Make policy migration context aware (!159244 - merged) • SAM FIGUEROA • 17.3 we changed the migration banner to send the current pipeline config path and the framework ID in the request parameters. As suggested in #424387 (comment 1968071537) the policy editor should use these params to populate the form for the user when these data are present.

User experience goal

When users attempt to migrate from a pipeline to a policy they arrive at the policy editor with the data that was previously set on the compliance pipeline and don't need to start with a blank slate, enabling them a quicker and less daunting/confusing transition.

We also need to update the description in the policy MR if the pipeline has been migrated. Stating that it is a migrated pipeline, and will need to be removed from framework to use the policy and link to the framework.

Proposal

When a user selects migrate policy button they will be relocated to the PEP policy editor with all of the fields preconfigured based on compliance pipelines configuration:

  • pipeline_config_strategy set to override_project_ci
  • policy_scope set to { compliance_frameworks: [{ id: <FRAMEWORK_ID> }] }
  • content set to { include: [{ <PROJECT>, <FILE> }] }
  • metatdata set to { compliance_pipeline_migration: true }

Where:

  • FRAMEWORK_ID is the id of the framework where the compliance pipeline is being migrated from
  • PROJECT is the project namespace where the compliance yml file is stored
  • FILE is the name and position of the compliance yml file

Once a user has then created an MR to create the PEP policy the MR title and description should be updated to reflect that this is a migrated compliance pipeline.

MR Title: Compliance pipeline migration to pipeline execution policy

MR Description:

This merge request migrates compliance pipeline <PROJECT>@<FILE> to a pipeline execution policy scoped to framework <FRAMEWORK_NAME>.

The compliance pipeline will continue to overwrite the new pipeline execution policy until it is removed form the compliance framework configuration.

Once this MR has been merged please go to [<FRAMEWORK_NAME>](<FRAMEWORK_LINK>) and remove the compliance pipeline so that the new pipeline execution policy can take precedence
Edited by Nate Rosandich