Add scan_result_policies to Approval Rule graphql
What does this MR do and why?
This change adds the associated scan result policies to the MR approval rule graphql type. This is needed to show tooltip text as mentioned in this design: #420335 (comment 1505704761)
The frontend MR that uses this graphql query: !130286 (merged)
GraphQL Query
query {
  project(fullPath: "root/test-419789") {
    mergeRequest(iid: "9") {
      approvalState {
        rules {
          id
          scanResultPolicies {
            reportType
          }
        }
      }
    }
  }
}
Database
Query
SELECT
    "approval_merge_request_rules"."report_type",
    "approval_merge_request_rules"."name",
    "approval_merge_request_rules"."approvals_required"
FROM
    "approval_merge_request_rules"
WHERE
    "approval_merge_request_rules"."merge_request_id" = 240280885
    AND "approval_merge_request_rules"."security_orchestration_policy_configuration_id" = 21753
    AND "approval_merge_request_rules"."orchestration_policy_idx" = 0
Query Plan
Index Scan using approval_mr_rule_index_merge_request_id on public.approval_merge_request_rules (cost=0.57..3.77 rows=1 width=16) (actual time=17.408..18.460 rows=2 loops=1)
    Index Cond: (approval_merge_request_rules.merge_request_id = 240280885)
    Filter: ((approval_merge_request_rules.security_orchestration_policy_configuration_id = 21753) AND (approval_merge_request_rules.orchestration_policy_idx = 0))
    Rows Removed by Filter: 1
    Buffers: shared hit=1 read=9 dirtied=3
    I/O Timings: read=18.147 write=0.000
Time: 21.486 ms
- planning: 2.937 ms
- execution: 18.549 ms
- I/O read: 18.147 ms
- I/O write: 0.000 ms
Shared buffers:
- hits: 1 (~8.00 KiB) from the buffer pool
- reads: 9 (~72.00 KiB) from the OS file cache, including disk I/O
- dirtied: 3 (~24.00 KiB)
- writes: 0
Screenshots or screen recordings
How to set up and validate locally
- Create a scan result policy that contains both license_finding and scan_finding rules in the same policy:

  type: scan_result_policy
  name: Scan Result Policy rule
  description: ''
  enabled: true
  rules:
    - type: license_finding
      match_on_inclusion: true
      license_types:
        - GNU General Public License v2.0 or later
        - GNU Affero General Public License v3.0
      license_states:
        - newly_detected
      branches:
        - main
    - type: scan_finding
      scanners:
        - dependency_scanning
        - dast
        - sast
      vulnerabilities_allowed: 0
      severity_levels:
        - critical
      vulnerability_states:
        - newly_detected
      branches:
        - main
  actions:
    - type: require_approval
      approvals_required: 1
      group_approvers_ids:
        - 22
- Create an MR with some random changes
- Go to http://gdk.test:3000/-/graphql-explorer, execute the query mentioned in the description, and verify that reportType contains both SCAN_FINDING and LICENSE_SCANNING
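The last validation step can be scripted instead of read off the GraphQL explorer. The following is an added example, not code from this MR or from GitLab: it derives the report types a policy's rules should surface (license_finding to LICENSE_SCANNING, scan_finding to SCAN_FINDING, as the steps above expect), collects the reportType values across every approval rule in a response, and reports what is missing. The sample policy and response are constructed; the fetch helper and its token handling are an assumption about how a practitioner would call the endpoint.

```python
import json
import urllib.request

# Rule type in the policy YAML -> reportType enum value expected on the
# approval rule (mapping taken from the validation steps above).
RULE_TYPE_TO_REPORT_TYPE = {
    "license_finding": "LICENSE_SCANNING",
    "scan_finding": "SCAN_FINDING",
}

# Same query as in the description, parameterised so it is reusable.
QUERY = """
query($fullPath: ID!, $iid: String!) {
  project(fullPath: $fullPath) {
    mergeRequest(iid: $iid) {
      approvalState { rules { id scanResultPolicies { reportType } } }
    }
  }
}
"""

def expected_report_types(policy):
    """Report types the policy's rules should surface on the approval rule."""
    return {RULE_TYPE_TO_REPORT_TYPE[r["type"]] for r in policy["rules"]}

def actual_report_types(response):
    """Collect reportType values across all approval rules in the response."""
    rules = response["data"]["project"]["mergeRequest"]["approvalState"]["rules"]
    return {p["reportType"] for rule in rules for p in rule["scanResultPolicies"]}

def missing_report_types(policy, response):
    """Report types the policy requires that the API did not return."""
    return expected_report_types(policy) - actual_report_types(response)

def fetch_approval_state(base_url, token, full_path, iid):
    """Hypothetical helper: POST the query to /api/graphql with a personal access token."""
    body = json.dumps({"query": QUERY, "variables": {"fullPath": full_path, "iid": iid}}).encode()
    req = urllib.request.Request(f"{base_url}/api/graphql", data=body, headers={
        "Content-Type": "application/json", "Authorization": f"Bearer {token}"})
    with urllib.request.urlopen(req) as resp:
        return json.load(resp)

# Constructed inputs: the two rule types from the policy above, and a sample
# response in which the rule carries only SCAN_FINDING (so the check fails).
SAMPLE_POLICY = {"rules": [{"type": "license_finding"}, {"type": "scan_finding"}]}
SAMPLE_RESPONSE = {"data": {"project": {"mergeRequest": {"approvalState": {"rules": [
    {"id": "gid://gitlab/ApprovalMergeRequestRule/1",
     "scanResultPolicies": [{"reportType": "SCAN_FINDING"}]}]}}}}}

if __name__ == "__main__":
    print(missing_report_types(SAMPLE_POLICY, SAMPLE_RESPONSE))  # {'LICENSE_SCANNING'}
```

Against a live GDK, replace SAMPLE_RESPONSE with fetch_approval_state("http://gdk.test:3000", token, "root/test-419789", "9") and expect an empty set.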
MR acceptance checklist
This checklist encourages us to confirm any changes have been analyzed to reduce risks in quality, performance, reliability, security, and maintainability.
- [ ] I have evaluated the MR acceptance checklist for this MR.
Addresses #420335 (closed)
Edited by Sashi Kumar Kumaresan