Migrate existing policy to approval_policy on replace

What does this MR do and why?

This is a follow-up of Support approval_policy as policy type (!142559 - merged) and adds an auto-migration for existing scan_result_policy types when these are updated.

See also !142264 (comment 1742387707) for more context.

MR acceptance checklist

Please evaluate this MR against the MR acceptance checklist. It helps you analyze changes to reduce risks in quality, performance, reliability, security, and maintainability.

Screenshots or screen recordings

When a policy with type: approval_policy is submitted from the frontend, the policy will be migrated in the YAML from scan_result_policy to approval_policy.

Note: in the recording, changes from Update scan result policy name (!142264 - merged) were used; otherwise the frontend wouldn't load the editor for type=approval_policy.

How to set up and validate locally

  1. Visit Secure -> Policies, create a new Scan Result policy
  2. Use the following YAML:
    type: scan_result_policy
    name: Test
    description: ''
    enabled: true
    rules:
      - type: any_merge_request
        branch_type: protected
        commits: any
      - type: scan_finding
        scanners: []
        vulnerabilities_allowed: 0
        severity_levels: []
        vulnerability_states: []
        branch_type: protected
    actions:
      - type: require_approval
        approvals_required: 1
        role_approvers:
          - developer
  3. Configure with merge request and Merge
  4. Click on the policy and edit it
  5. Go to the .yaml mode and change type to type: approval_policy
  6. Configure with merge request and Merge
  7. Check the MR changes and verify that the policy has been migrated to the approval_policy type in the YAML

Related to #413783 (closed)

Edited by Martin Čavoj
