Execution Policies not showing on scoped Compliance Frameworks when policy has frameworks from multiple top-level groups
Summary
When scoping an Execution Policy to Compliance Frameworks from multiple top-level groups, the policy isn't showing up properly in all frameworks. Note that this appears to be just a visual issue; the policy seems to be applied correctly.
Also worth noting that the UI does not allow configuring this; it has to be done directly in the policy YAML.
Steps to reproduce
- Create two top-level groups
- Add a Compliance Framework to each group, e.g. with IDs 123 and 789
- Configure Execution Policy that is scoped to both frameworks, e.g.:
```yaml
scan_execution_policy:
- name: Test 123
  description: ''
  enabled: false
  policy_scope:
    compliance_frameworks: [{id: 123}, {id: 789}]
  rules:
  - type: pipeline
    branches:
    - "*"
  actions:
  - scan: secret_detection
  skip_ci:
    allowed: true
    allowlist:
      users: []
```
- Observe that the policy is not showing in the Policies column on the Frameworks tab in both groups
Example Project
Not all publicly accessible as I needed to involve a colleague's top-level group, but in https://gitlab.com/groups/ahergenhan_ultimate_group/-/security/compliance_dashboard/frameworks we do not see my Test 123 policy on framework ID 1020778. This ID is specified in the policy here: https://gitlab.com/gl-demo-ultimate-mgrabowski/gl-demo-ultimate-mgrabowski-security-policy-project/-/blob/main/.gitlab/security-policies/policy.yml?ref_type=heads
What is the current bug behavior?
Policy not showing up on all scoped frameworks
What is the expected correct behavior?
Policy is showing up on all scoped frameworks
Relevant logs and/or screenshots
See screenshots/details in internal RFH issue: https://gitlab.com/gitlab-com/request-for-help/-/issues/2463
Output of checks
This bug happens on GitLab.com
Possible fixes
See internal theory: https://gitlab.com/gitlab-com/request-for-help/-/issues/2463#note_2380210882