Create API endpoint to validate and force-sync the security policies
Why are we doing this work
Currently, when a security policy is changed by updating the policy.yml there will be multiple entities updated related to the security policy. All of the updates happen in the background through sidekiq workers. For policies that are applied at a group level, the policy sync process is done for each of the projects in the group. If the sync process is failed for some reasons, the entities related to the security policy would be in inconsistent state. The only possible way to mitigate this is to unlink and relink the security policy project which deletes all the links under the hood and recreate them from scratch. This is inefficient and not user-friendly.
As a part of this issue, we want to introduce an API endpoint (preferably GraphQL mutation) to force-sync the policies so that the policies are in consistent state.
Relevant links
Non-functional requirements
-
Documentation: -
Feature flag: -
Performance: -
Testing: