SPIKE: Update yaml in policy drawer/editor to match policy file

Why are we doing this work

From #478628 (comment 2129860855)

Current state - policy.yml

---
scan_execution_policy:
- name: SAST Enforcement
  description: ''
  description: test
  enabled: true
  policy_scope:
    compliance_frameworks:
    - id: 1016735
    - id: 1016733
    - id: 1016734
  rules:
  - type: pipeline
    branch_type: protected
  actions:
  - scan: sast
    template: latest
## other scan execution policies may be in the array

Current state - policy editor

type: scan_execution_policy
name: SAST Enforcement
description: ''
enabled: true
policy_scope:
  compliance_frameworks:
    - id: 1016735
    - id: 1016733
    - id: 1016734
rules:
  - type: pipeline
    branch_type: protected
actions:
  - scan: sast
    template: latest

Proposal - policy editor

scan_execution_policy:
- name: SAST Enforcement
  description: ''
  description: test
  enabled: true
  policy_scope:
    compliance_frameworks:
    - id: 1016735
    - id: 1016733
    - id: 1016734
  rules:
  - type: pipeline
    branch_type: protected
  actions:
  - scan: sast
    template: latest

Key points:

  1. This would allow users to see how the policy.yml rule would appear directly, with all indentation matching.
  2. I considered for a while what to do for type. I can see how you can't directly copy/paste, but I think it makes more sense to show a fully functioning policy.yml that would work in isolation. Then we can share context that scan_execution_policy is a type and all related policies in the file must be added in the array. 🤔
  3. I'm okay if we just remove type as you suggested, in which case we can add context somehow that the policy rule would need to be applied in the type array.
  4. Long-term, I think this could make it simpler for all policies when we end up with more policy types. I still see it as a preview and it will be limited, but better if portions of it are accurate to the code itself in my view (indentation included) 🤔

Relevant links

Non-functional requirements

  • Documentation:
  • Feature flag:
  • Performance:
  • Testing:

Implementation plan

  • frontend update the default yaml to be in the new format
  • frontend update the incoming existing yaml to be in the new format
  • frontend update the policy <=> yaml methods to make it so none of the rule mode methods need to be updated to change the policy (e.g. the policy object is as it is now and is only converted to the new yaml format)
  • frontend update the policy schema validation to validate the yaml properly

Verification steps

  1. Upload a GitLab Ultimate license
  2. Navigate to a project/group => Secure => Policies => New policy => Select any policy type
  3. Verify the yaml preview shows the new format
  4. Make some changes in rule mode
  5. Verify the yaml preview updates accordingly
  6. Navigate to yaml mode
  7. Verify the yaml validation is working
  8. Make some changes in yaml mode => Navigate back to rule mode
  9. Verify the rule mode has updated properly
  10. Save the policy => Navigate back to the project/group => Secure => Policies => Select the new policy
  11. Verify the drawer renders correctly
Edited by Alexander Turinske
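
The conversion named in the implementation plan, sketched as an added example (not GitLab's code): the policy object keeps its current shape with a top-level type, and only the YAML-facing shape is wrapped in the type array. The function names, the POLICY_TYPES list and the rule that the editor accepts exactly one policy per array are assumptions; the functions work on already-parsed objects, so YAML parsing and dumping stay with the caller.

```javascript
// Added example. Only the policy type shown in this issue is listed (assumption:
// further types are registered here as they adopt the new format).
const POLICY_TYPES = ['scan_execution_policy'];

const isMapping = (v) => v !== null && typeof v === 'object' && !Array.isArray(v);

// Editor object ({ type, name, ... }) -> policy.yml shape ({ <type>: [{ name, ... }] }).
function toPolicyFileShape(policy) {
  if (!isMapping(policy)) throw new Error('Policy must be an object');
  const { type, ...rest } = policy;
  if (!POLICY_TYPES.includes(type)) throw new Error(`Unknown policy type: ${String(type)}`);
  return { [type]: [rest] };
}

// policy.yml shape -> editor object. Rejects documents the single-policy editor
// cannot represent instead of silently dropping or merging entries.
function fromPolicyFileShape(doc) {
  if (!isMapping(doc)) throw new Error('Policy YAML must be a mapping');
  const keys = Object.keys(doc);
  if (keys.length !== 1) throw new Error(`Expected one policy type key, found ${keys.length}`);
  const [type] = keys;
  if (!POLICY_TYPES.includes(type)) throw new Error(`Unknown policy type: ${type}`);
  const entries = doc[type];
  if (!Array.isArray(entries) || entries.length !== 1) {
    throw new Error(`"${type}" must be an array holding exactly one policy`);
  }
  const [entry] = entries;
  if (!isMapping(entry)) throw new Error('Policy entry must be a mapping');
  if ('type' in entry) throw new Error('"type" belongs to the wrapping key, not the entry');
  return { type, ...entry };
}

// Constructed sample mirroring the policy in this issue.
const samplePolicy = {
  type: 'scan_execution_policy',
  name: 'SAST Enforcement',
  description: '',
  enabled: true,
  policy_scope: { compliance_frameworks: [{ id: 1016735 }, { id: 1016733 }, { id: 1016734 }] },
  rules: [{ type: 'pipeline', branch_type: 'protected' }],
  actions: [{ scan: 'sast', template: 'latest' }],
};
```
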