Merge request approval policies can be merged without rules
Why are we doing this work
- A merge request approval policy without rules will not run, yet users are able to create one.
- This may lead users to think that the settings are applied when they are not.
Relevant links
approval_policy:
  - name: Prevent approval by MR author
    description: ''
    enabled: true
    policy_scope:
      projects:
        excluding: []
    rules: []
    actions:
      - type: require_approval
        approvals_required: 1
        role_approvers:
          - developer
    approval_settings:
      block_branch_modification: true
      block_group_branch_modification: false
      prevent_pushing_and_force_pushing: false
      prevent_approval_by_author: false
      prevent_approval_by_commit_author: false
      remove_approvals_with_new_commit: false
      require_password_to_approve: false
Non-functional requirements
-
Documentation: -
Feature flag: -
Performance: -
Testing:
Implementation plan
- backend: enforce this limit in some service like Security::SecurityOrchestrationPolicies::PolicyConfigurationValidationService
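One way to audit existing policy files for the condition described in this issue, as an added example (it is not GitLab's code and not the validation service named in the plan). `ruleless_approval_policies` is a hypothetical helper, and the sample YAML is constructed from the policy shown above plus one contrasting policy.

```ruby
require 'yaml'

# Constructed sample: the ruleless policy from this issue (trimmed) plus one
# policy that has a rule. Rule contents are not validated by this check.
SAMPLE_POLICY_YAML = <<~YAML
  approval_policy:
    - name: Prevent approval by MR author
      enabled: true
      rules: []
      actions:
        - type: require_approval
          approvals_required: 1
          role_approvers:
            - developer
      approval_settings:
        block_branch_modification: true
        prevent_approval_by_author: false
    - name: Policy with a rule
      enabled: true
      rules:
        - type: any_merge_request
YAML

# Hypothetical helper: returns one finding per approval policy whose `rules`
# is missing, not a list, or empty, i.e. a policy that will not run.
def ruleless_approval_policies(yaml_text)
  doc = YAML.safe_load(yaml_text)
  doc = {} unless doc.is_a?(Hash)
  Array(doc['approval_policy']).each_with_object([]) do |policy, findings|
    next unless policy.is_a?(Hash)
    rules = policy['rules']
    next if rules.is_a?(Array) && !rules.empty?

    settings = policy['approval_settings'].is_a?(Hash) ? policy['approval_settings'] : {}
    actions = policy['actions'].is_a?(Array) ? policy['actions'] : []
    findings << {
      name: policy['name'],
      enabled: policy['enabled'] == true,
      # What the policy author expects to be enforced, but is not:
      unenforced_actions: actions.filter_map { |a| a['type'] if a.is_a?(Hash) },
      unenforced_settings: settings.select { |_k, v| v == true }.keys
    }
  end
end

ruleless_approval_policies(SAMPLE_POLICY_YAML).each do |f|
  puts "#{f[:name]} (enabled=#{f[:enabled]}): no rules; not enforced: #{f[:unenforced_actions] + f[:unenforced_settings]}"
end
```

Run against a policy file's contents, each finding names a policy that looks active but enforces nothing, along with the actions and settings its author likely assumes are in effect.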
Old plan
We are not doing this because of the logic in #509424 (comment 2277975859)
diff --git a/ee/app/validators/json_schemas/security_orchestration_policy.json b/ee/app/validators/json_schemas/security_orchestration_policy.json
index 38c46112bb46..b153c4c088d8 100644
--- a/ee/app/validators/json_schemas/security_orchestration_policy.json
+++ b/ee/app/validators/json_schemas/security_orchestration_policy.json
@@ -824,6 +824,7 @@
"rules": {
"description": "Specifies conditions when a this policy should be applied.",
"type": "array",
+ "minLength": 1,
"maxItems": 5,
"additionalItems": false,
"items": {
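Review bot: The added line `"minLength": 1` sits under `"type": "array"`, but `minLength` is a string keyword in JSON Schema and is ignored for arrays, so `rules: []` would still validate. The array counterpart is `minItems`, matching the `maxItems` on the following line; suggest `"minItems": 1`. The description string in the context line above also reads "when a this policy", which could be corrected in the same change.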
Verification steps