Add policy scope based on policy configuration
What does this MR do and why?
This MR extends the Security Policy logic to apply a given policy based on the `policy_scope`
settings in the policy. With this setting we can scope a policy to a compliance framework, or include/exclude selected projects.
How to set up and validate locally
- Create new Project
- Create new Policy for the project (for both Scan Execution Policy and Scan Result Policy) [Secure -> Policies -> Create new]
- Try to save policy - this should work without any problems
- Go back to creating a new policy
- Choose YAML-mode in the Policy Editor
- Try to add `policy_scope`:

```yaml
...
policy_scope:
  compliance_frameworks:
    - id: 12345
  projects:
    including:
      - id: 12345
    excluding:
      - id: 23456
...
```
- Policy should be saved without problems.
- Test multiple scenarios: Configure compliance framework, see if the policy is applied or not, and see if the policy is filtered based on including/excluding settings.
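The last step asks the reviewer to check that a policy is applied or filtered out depending on the compliance framework and the including/excluding lists. The following Ruby snippet is an added example, not code from this MR or from GitLab, that walks through one plausible reading of those rules over a constructed policy with the same `policy_scope` shape as the YAML above. The precedence it encodes (exclusions win, then explicit inclusions, then compliance-framework membership) is an assumption made for illustration; the project hash shape `{ id:, compliance_framework_ids: }` is likewise invented here.

```ruby
require 'yaml'

# Constructed sample policy (not taken from the MR); the policy_scope block has
# the same shape as the YAML shown in the setup steps.
SAMPLE_POLICY_YAML = <<~YAML
  name: Require SAST on every MR
  policy_scope:
    compliance_frameworks:
      - id: 12345
    projects:
      including:
        - id: 12345
      excluding:
        - id: 23456
YAML

SAMPLE_POLICY = YAML.safe_load(SAMPLE_POLICY_YAML)

# Collect the ids from a list of `- id: N` entries; nil or [] yields [].
def scope_ids(entries)
  Array(entries).filter_map { |entry| entry['id'] if entry.is_a?(Hash) }
end

# Decide whether `policy` applies to `project`.
# `project` is a Hash: { id: Integer, compliance_framework_ids: [Integer] }.
# Assumed precedence (illustrative only; not GitLab's actual implementation):
#   1. no policy_scope           -> applies everywhere
#   2. project in excluding      -> does not apply
#   3. project in including      -> applies
#   4. compliance_frameworks set -> applies if the project carries one of them
#   5. otherwise                 -> applies unless including names other projects
def policy_applies?(policy, project)
  scope = policy['policy_scope']
  return true if scope.nil? || scope.empty?

  projects   = scope['projects'] || {}
  excluded   = scope_ids(projects['excluding'])
  included   = scope_ids(projects['including'])
  frameworks = scope_ids(scope['compliance_frameworks'])

  return false if excluded.include?(project[:id])
  return true  if included.include?(project[:id])
  return (frameworks & Array(project[:compliance_framework_ids])).any? unless frameworks.empty?

  included.empty?
end

# Keep only the policies that are in scope for `project`: the filtering
# behaviour the last setup step asks you to exercise.
def applicable_policies(policies, project)
  policies.select { |policy| policy_applies?(policy, project) }
end

if $PROGRAM_NAME == __FILE__
  # A project outside the including/excluding lists that carries framework 12345.
  project = { id: 999, compliance_framework_ids: [12345] }
  puts applicable_policies([SAMPLE_POLICY], project).map { |p| p['name'] }
end
```

Running the file prints the sample policy's name, because project 999 is neither excluded nor explicitly included but shares compliance framework 12345 with the scope. Swap in project 23456 and the policy is filtered out regardless of its frameworks, which is the exclusion case worth testing separately.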
MR acceptance checklist
This checklist encourages us to confirm any changes have been analyzed to reduce risks in quality, performance, reliability, security, and maintainability.
- I have evaluated the MR acceptance checklist for this MR.
Related to #428490 (closed)
Edited by Alan (Maciej) Paruszewski