Search only descendant groups when applicable
What does this MR do and why?
Search only descendant groups when applicable
- use the new application setting to restrict the `group_approvers` lookup to descendant groups of the project's top-level group instead of searching all groups
Screenshots or screen recordings
| Status of `:security_policy_global_group_approvers_enabled` | Policy Drawer | Group Select |
|---|---|---|
| `true` | | |
| `false` | | |
How to set up and validate locally
- Disable the application setting, which is enabled by default:
  ```
  echo "Gitlab::CurrentSettings.update_attribute(:security_policy_global_group_approvers_enabled, false)" | rails c
  ```
- Create a new top-level group `nameless-bird`
- Add any member to the group and assign the "Developer" role
- Create another top-level group `purple-frog`
- Create a new subgroup `purple-frog/nameless-bird`
- Add any other member to the subgroup and assign the "Developer" role
- Create a new project `purple-frog/nameless-bird/example`
- Within the project, navigate to `Security & Compliance > Policies`, click "New policy" and create a new Scan Result Policy:
  ```yaml
  type: scan_result_policy
  name: Dependency Scanning
  description: ''
  enabled: true
  rules:
    - type: scan_finding
      branches: []
      scanners:
        - dependency_scanning
      vulnerabilities_allowed: 0
      severity_levels:
        - critical
        - high
        - medium
        - low
        - unknown
        - info
      vulnerability_states:
        - newly_detected
        - detected
        - confirmed
        - dismissed
        - resolved
  actions:
    - type: require_approval
      approvals_required: 1
      group_approvers: ["nameless-bird"]
  ```
- Within the project, navigate to `Security & Compliance > Policies`, click on the "Dependency Scanning" policy and verify that the sidebar lists only `purple-frog/nameless-bird` as approvers
- Create a new MR that adds a `Gemfile.lock` with the following contents:
  ```
  GEM
    remote: https://rubygems.org/
    specs:
      rack (0.1.0)

  PLATFORMS
    x86_64-darwin-20

  DEPENDENCIES
    rack (= 0.1.0)

  BUNDLED WITH
     2.3.22
  ```
- Verify that the merge request approval rules list members from `purple-frog/nameless-bird`, not from the top-level `nameless-bird`
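The validation steps above hinge on one behavioural difference: with the global setting on, a `group_approvers` name can match any group in the instance; with it off, only groups under the project's top-level namespace are candidates. The following is an added stand-alone model of that lookup, not GitLab's implementation; the group hierarchy, member names and the assumption that "descendant" means the project's top-level group and everything below it are all constructed for illustration.

```ruby
# Added illustration (not GitLab's code): how restricting the group approver
# lookup to descendant groups changes which group a policy's `group_approvers`
# name resolves to. Group paths and members below are constructed sample data.
Group = Struct.new(:full_path, :members) do
  def name
    full_path.split("/").last
  end

  def root
    full_path.split("/").first
  end
end

# Constructed hierarchy mirroring the validation steps: two groups share the
# name "nameless-bird", one top-level and one nested under "purple-frog".
GROUPS = [
  Group.new("nameless-bird", ["alice"]),            # top-level group
  Group.new("purple-frog", []),                     # top-level group
  Group.new("purple-frog/nameless-bird", ["bob"]),  # subgroup with the same name
].freeze

# Resolve the policy's group_approvers names to full group paths.
# global_enabled: true  -> any group with a matching name is a candidate
# global_enabled: false -> only groups under the project's top-level namespace
#                          (assumed here to include that top-level group itself)
def resolve_group_approvers(project_path:, group_approvers:, global_enabled:)
  project_root = project_path.split("/").first
  candidates = global_enabled ? GROUPS : GROUPS.select { |g| g.root == project_root }
  candidates.select { |g| group_approvers.include?(g.name) }.map(&:full_path)
end

# Members who would show up in the MR approval rule for the resolved groups.
def approvers_for(project_path:, group_approvers:, global_enabled:)
  paths = resolve_group_approvers(project_path: project_path,
                                  group_approvers: group_approvers,
                                  global_enabled: global_enabled)
  GROUPS.select { |g| paths.include?(g.full_path) }.flat_map(&:members).uniq
end

if __FILE__ == $PROGRAM_NAME
  [true, false].each do |global|
    puts "global=#{global}: " + approvers_for(
      project_path: "purple-frog/nameless-bird/example",
      group_approvers: ["nameless-bird"], global_enabled: global).inspect
  end
end
```

With the setting disabled, only `bob` from `purple-frog/nameless-bird` is an approver; with it enabled, `alice` from the unrelated top-level `nameless-bird` is pulled in as well, which is the cross-namespace leakage the setting closes.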
MR acceptance checklist
This checklist encourages us to confirm any changes have been analyzed to reduce risks in quality, performance, reliability, security, and maintainability.
- I have evaluated the MR acceptance checklist for this MR.
Related to #378234 (closed)
Edited by Alexander Turinske