
Disable "Unprotect" button when policy is in place

What does this MR do and why?

This MR resolves #421623 (closed)

Protected branches cannot be unprotected if a security policy is in place.

A security policy setup can prevent users from unprotecting branches.

This MR also adds a popover.

Screenshots or screen recordings

Screenshots are required for UI changes, and strongly recommended for all other merge requests.

[Before/After screenshots: Screenshot_2023-10-31_at_14.34.16]

How to set up and validate locally

Numbered steps to set up and validate the change are strongly suggested.

  1. Upload a GitLab Ultimate license
  2. Enable the feature flags

         echo "Feature.enable(:scan_result_policies_block_unprotecting_branches)" | rails c

  3. Go to Project/Settings/Repository/Protected Branches (/settings/repository#js-protected-branches-settings)
  4. Protect a couple of branches; you should be able to unprotect them
  5. Go to Secure -> Policies -> New policy -> Scan Result Policy
  6. Go to YAML mode
  7. Use this policy:

         type: scan_result_policy
         name: Container Scanning
         description: ''
         enabled: true
         actions:
         - type: require_approval
           approvals_required: 1
           user_approvers_ids:
           - 1
         rules:
         - type: scan_finding
           scanners:
           - container_scanning
           vulnerabilities_allowed: 0
           severity_levels: []
           vulnerability_states: []
           branch_type: protected
           branch_exceptions:
           - foobar # name of an actual protected branch you want to exclude
         approval_settings:
           block_unprotecting_branches: true

  8. Go back to settings; the unprotect buttons should be disabled, and the popover for disabled buttons should appear on hover

MR acceptance checklist

This checklist encourages us to confirm any changes have been analyzed to reduce risks in quality, performance, reliability, security, and maintainability.

Related to #421623 (closed)

Edited by Alexander Turinske
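
To know what the last validation step should show for each branch, the following added example (not code from this MR or from GitLab) derives the expected "Unprotect" button state from a policy like the one in the description. The helper names, the `release-candidate` branch and the evaluation rules in the comment are assumptions made for illustration.

```ruby
require 'yaml'

# Constructed sample: the policy from the steps above, trimmed, with a
# hypothetical branch name ("release-candidate") in branch_exceptions.
POLICY_YAML = <<~YAML
  type: scan_result_policy
  name: Container Scanning
  enabled: true
  rules:
  - type: scan_finding
    branch_type: protected
    branch_exceptions:
    - release-candidate
  approval_settings:
    block_unprotecting_branches: true
YAML

# Assumed semantics (not taken from GitLab's code): an enabled policy with
# approval_settings.block_unprotecting_branches set to true locks every
# protected branch its rules cover, minus the names in branch_exceptions.
def locked_branches(policy, protected_branches)
  return [] unless policy['enabled'] == true
  return [] unless policy.dig('approval_settings', 'block_unprotecting_branches') == true

  Array(policy['rules']).flat_map do |rule|
    next [] unless rule['branch_type'] == 'protected'
    protected_branches - Array(rule['branch_exceptions'])
  end.uniq
end

# Returns { branch => true/false }; true means "Unprotect" should be disabled.
def unprotect_disabled_map(policy_yaml, protected_branches)
  policy = YAML.safe_load(policy_yaml)
  locked = locked_branches(policy, protected_branches)
  protected_branches.to_h { |b| [b, locked.include?(b)] }
end

if __FILE__ == $PROGRAM_NAME
  branches = %w[main stable release-candidate] # constructed branch list
  unprotect_disabled_map(POLICY_YAML, branches).each do |branch, disabled|
    puts format('%-20s Unprotect %s', branch, disabled ? 'disabled' : 'enabled')
  end
end
```

Comparing this map with the settings page makes a missed branch exception or a policy saved with `enabled: false` easy to spot during review.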
