Scan Execution Policy Scope misleading user interface

Summary

When setting up Security Policies, users can limit the scope of their policies to specific projects. Currently, if a policy is configured at the subgroup level and scoped to a single project, the other projects inside that group still appear to be included, even though the policy is not applied to them.

Steps to reproduce

  1. Go to a top level group.
  2. Create a subgroup Alpha.
  3. Create another subgroup under Alpha named Bravo.
  4. Create two dummy projects under Bravo. You should end up with a hierarchy like this:

     Top level group
     |- Alpha
        |- Bravo
           |- project_01
           |- project_02

  5. Create a Scan Execution Policy under group Alpha and limit the scope to project_01.
  6. Go to project_02 and observe that the policy is still visible and shows "Scope: This project", although it is not actually triggered there.

Example Project

https://gitlab.com/kballon_ultimate_group/zd579407_policy_inheritance

What is the current bug behavior?

The Policy appears on the project not included in the scope.

What is the expected correct behavior?

The Policy should not appear on the project not included in the scope.

Relevant logs and/or screenshots

[Screenshots: policy view in group alpha, in project_02, and in group bravo]

Output of checks

This bug happens on GitLab.com


Possible fixes

  • Backend: remove the experimental setting from the policies requests.
  • Frontend: add `includeUnscoped: false` to the policy requests so that policies whose scope does not include the project are not returned.
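To make the expected behaviour concrete, here is an added example (not GitLab's code) of how a project-level policy list should resolve scope before showing a policy. It models the hierarchy from the reproduction steps and a scope limited to project_01; the `scope.projects.including` / `excluding` shape, the group and project records, and the policy name are assumptions made for the example.

```javascript
// Added example: a simplified model of security-policy scope resolution.
// Not GitLab's implementation; data shapes below are assumptions.

// Constructed sample hierarchy from the reproduction steps:
// Top level group > Alpha > Bravo > project_01, project_02
const groups = {
  top: { id: 'top', parent: null },
  alpha: { id: 'alpha', parent: 'top' },
  bravo: { id: 'bravo', parent: 'alpha' },
};
const projects = {
  project_01: { id: 'project_01', group: 'bravo' },
  project_02: { id: 'project_02', group: 'bravo' },
};

// True if `project` lives in `groupId` or any of its descendant groups.
function isInGroupTree(project, groupId) {
  let g = groups[project.group];
  while (g) {
    if (g.id === groupId) return true;
    g = g.parent ? groups[g.parent] : null;
  }
  return false;
}

// Decide whether a policy defined on `policy.sourceGroup` applies to a project.
// Scope semantics (assumption, modelled on the issue text):
//  - no `scope`: the policy inherits to every project below the source group
//  - scope.projects.including: only the listed projects
//  - scope.projects.excluding: every project below the group except those listed
function policyAppliesToProject(policy, project) {
  if (!isInGroupTree(project, policy.sourceGroup)) return false;
  const scope = policy.scope && policy.scope.projects;
  if (!scope) return true;
  if (scope.including) return scope.including.includes(project.id);
  if (scope.excluding) return !scope.excluding.includes(project.id);
  return true;
}

// What a project's policy page should list: only policies that apply to it.
// This is the client-side equivalent of not requesting unscoped policies.
function visiblePolicies(policies, project) {
  return policies.filter((p) => policyAppliesToProject(p, project));
}

// Constructed policy matching the reproduction: defined on Alpha, scoped to project_01.
const scanExecutionPolicy = {
  name: 'sast-on-push', // constructed name
  sourceGroup: 'alpha',
  scope: { projects: { including: ['project_01'] } },
};

// Stand-alone run: project_01 sees the policy, project_02 does not.
console.log(visiblePolicies([scanExecutionPolicy], projects.project_01).map((p) => p.name));
console.log(visiblePolicies([scanExecutionPolicy], projects.project_02).map((p) => p.name));
```

With this check in place, project_02 would list no policy, which is the behaviour the issue expects; the buggy UI corresponds to skipping `policyAppliesToProject` and rendering every policy inherited from the group tree.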
Edited by Alexander Turinske