Update scan result policy editor validation
What does this MR do and why?
Remove validation of scan result policy yaml
- when moving from yaml mode to rule mode, validation needs to happen on the policy yaml to determine whether rule mode supports the inputted yaml
- when saving a policy, no validation should occur on the frontend because the frontend does not have the official schema. Validation should happen on the backend
- allow for skipping validation of the yaml when converting it to an object on save or to check if rule mode should be disabled
- update initial yaml parsing to use the same logic as when a policy gets updated to ensure parsing is consistent for new and existing policies
- remove the redundant computed property "policyYaml" and update yamlEditorValue directly to have a single source of truth for what the yaml is
- update tests
What this MR does
- Fixes the drawer and editor not loading for policies with unsupported attributes
- Brings scan result policies code in alignment with scan execution policies code
What this MR does not do
Abstracts similar code between scan execution and scan result policies because
- This fixes a bug specific to scan result policies
- This change is complicated enough just with scan result policies
- This change brings scan result policies code into alignment with scan execution code (Remove validation of scan execution policy yaml... (!98729 - merged)) to make it easier to abstract shared code out in the future
- This change is already quite large without touching the scan execution code
Changelog: changed
EE: true
Screenshots or screen recordings
No visual change for policies that have supported properties
Scenario | Before | After |
---|---|---|
Policy Drawer - Yaml with "unsupported" attribute | (screenshot) | (screenshot) |
Policy Editor - Yaml with "unsupported" attribute | (screenshot) | (screenshot) |
How to set up and validate locally
- Upload a GitLab Ultimate license
- Turn on the `:scan_execution_rule_mode` feature flag
- Navigate to a project => Security & Compliance => Policies => New policy => Scan Execution Policy => yaml mode
- Copy/paste the below policy into the policy editor and save the policy
Sample Policy
```yaml
type: scan_result_policy
name: Unsupported policy
description: ''
enabled: true
rules:
  - type: scan_finding
    branches: []
    scanners: []
    vulnerabilities_allowed: 0
    severity_levels:
      - medium
    vulnerability_states:
      - dismissed
actions:
  - type: require_approval
    approvals_required: 1
    role_approvers:
      - developer
unsupported: 'attribute'
```
- Navigate to rule mode
- The rule mode should be disabled and the yaml should show in the preview
- Navigate back to yaml mode => Configure with merge request => Merge the MR => Navigate back to the project => Security & Compliance => Policies => Select the new policy => Edit policy
- The rule mode should be disabled and the yaml should show in the preview
- Navigate to yaml mode
- The policy should show as expected
MR acceptance checklist
This checklist encourages us to confirm any changes have been analyzed to reduce risks in quality, performance, reliability, security, and maintainability.
- I have evaluated the MR acceptance checklist for this MR.
Related to #396840 (closed)
Related to !98729 (merged)
Edited by Alexander Turinske
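
The split described in this MR (check rule-mode support when leaving yaml mode, skip frontend validation on save and leave schema enforcement to the backend) can be sketched as follows. This is an added example, not code from the merge request: `toPolicy`, `unsupportedAttributes`, `SAMPLE` and the attribute allow-lists are assumptions derived from the sample policy above, and the input is the already-parsed YAML object.

```javascript
// Added example. The allow-lists are assumptions taken from the sample policy
// on this page; the official schema is enforced by the backend, not here.
const SUPPORTED = {
  policy: ['type', 'name', 'description', 'enabled', 'rules', 'actions'],
  rules: ['type', 'branches', 'scanners', 'vulnerabilities_allowed',
    'severity_levels', 'vulnerability_states'],
  actions: ['type', 'approvals_required', 'role_approvers'],
};

// Return the path of every attribute that rule mode could not represent.
function unsupportedAttributes(policy) {
  const found = Object.keys(policy).filter((key) => !SUPPORTED.policy.includes(key));
  for (const section of ['rules', 'actions']) {
    const items = Array.isArray(policy[section]) ? policy[section] : [];
    items.forEach((item, index) => {
      if (item === null || typeof item !== 'object') return;
      Object.keys(item)
        .filter((key) => !SUPPORTED[section].includes(key))
        .forEach((key) => found.push(`${section}[${index}].${key}`));
    });
  }
  return found;
}

// Hypothetical helper; `parsed` is the object produced by the YAML parser.
// validateRuleMode: true  -> switching from yaml mode to rule mode
// validateRuleMode: false -> saving; the policy passes through unchecked so
//                            that the backend remains the only schema authority
function toPolicy(parsed, { validateRuleMode = false } = {}) {
  if (!validateRuleMode) return { policy: parsed, unsupported: null };
  return { policy: parsed, unsupported: unsupportedAttributes(parsed) };
}

// Constructed input: the sample policy from this page as a parsed object.
const SAMPLE = {
  type: 'scan_result_policy', name: 'Unsupported policy', description: '',
  enabled: true,
  rules: [{ type: 'scan_finding', branches: [], scanners: [],
    vulnerabilities_allowed: 0, severity_levels: ['medium'],
    vulnerability_states: ['dismissed'] }],
  actions: [{ type: 'require_approval', approvals_required: 1,
    role_approvers: ['developer'] }],
  unsupported: 'attribute',
};
```

Rule mode would be disabled whenever `unsupported` is a non-empty array, so the editor shows the yaml preview and never rewrites the policy with the unknown attribute silently dropped.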