New `ignore_default_before_after_script` scan execution policy setting breaks Rule Mode policy editor

Summary

!160466 (merged) introduced a new setting `ignore_default_before_after_script` to scan execution policies, but this cannot currently be configured via the Rule mode policy editor.

Adding the setting via the .yaml mode editor results in the message "Rule mode is unavailable for this policy. In some cases, we cannot parse the YAML file back into the rules editor." being displayed in the Rule mode editor, which is not a good UX.

Steps to reproduce

  1. Create a new Scan Execution Policy
  2. Edit the policy yaml in the .yaml mode editor and add the following scan_settings configuration (this configuration works as expected when saved):

```yaml
actions:
  - scan: dependency_scanning
    scan_settings:
      ignore_default_before_after_script: true
```

  3. Switch to the Rule mode editor and note that you can no longer edit the policy.

Example Project

What is the current bug behavior?

Specifying scan setting prevents editing policy in Rule mode editor.

What is the expected correct behavior?

Scan settings should be supported by Rule mode editor.

Relevant logs and/or screenshots

image.png

Output of checks

This bug happens on GitLab.com

Results of GitLab environment info

Expand for output related to GitLab environment info

(For installations with omnibus-gitlab package run and paste the output of: `sudo gitlab-rake gitlab:env:info`) (For installations from source run and paste the output of: `sudo -u git -H bundle exec rake gitlab:env:info RAILS_ENV=production`)

Results of GitLab application Check

Expand for output related to the GitLab application check

(For installations with omnibus-gitlab package run and paste the output of: `sudo gitlab-rake gitlab:check SANITIZE=true`) (For installations from source run and paste the output of: `sudo -u git -H bundle exec rake gitlab:check RAILS_ENV=production SANITIZE=true`) (we will only investigate if the tests are passing)

Possible fixes