Spike: Explore Changing Security Policy Limits Application
Time-window: 5 days
Background
Currently, security policy limits are applied per security policy project, allowing a maximum of 5 policies for each type regardless of policy scope. With the introduction of policy scopes in Security Policies, we need to adapt our approach to better accommodate user needs while maintaining system performance.
Spike Goals
- Investigate changing the limit application from per-policy-project to per-target-project.
- Explore allowing users to define more than 5 policies while still limiting the number of policies applied to a given project to 5.
- Consider UI changes to effectively present policies that may not be currently applied to a given project.
Tasks
- Develop a Proof of Concept (PoC):
- Update GraphQL APIs to return information on whether a policy can be currently applied.
- Implement the PoC behind a feature flag for initial testing.
- After internal testing, implement an experimental policy feature flag as described in #519310 (closed).
- Explore increasing the policy limit:
- Investigate allowing users to set the limit up to a maximum of 20 policies.
- Implement this as an experiment config option initially.
- Create an implementation plan:
- Develop a detailed plan for the full feature implementation.
- Create an Epic with all acceptance criteria for the finalized feature.
- UI Considerations:
- Propose UI changes to clearly display which policies are currently applied and which are available but not applied due to the limit.
- Performance Impact:
- Assess the potential performance impact of allowing more policies to be defined.
- Propose optimizations if necessary.
- Migration Strategy:
- Outline a plan for migrating existing policy configurations to the new system.
Deliverables
- Working PoC with updated GraphQL APIs
- Feature flag implementation plan
- Experiment config option for increased policy limit
- Detailed implementation plan
- Migration strategy plan