Add new scope column to policy list
What does this MR do and why?
This MR adds a new policy scope column to the policy list.
The column can display:
- Compliance frameworks list (only 2 labels) and a +n counter showing how many are hidden
- Projects excluded from scope (only 2 items) and a +n counter showing how many are hidden
- Specific projects (only 2 items) and a +n counter showing how many are hidden
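The display rule above, sketched as an added example (not code from this MR or from GitLab): it turns a policy's `policy_scope` into the first 2 items plus a `+n` counter for each kind of scope present. The function names, the `kind` values and the `#<id>` fallback label are assumptions; the sample scopes are constructed to mirror the three YAML policies in the validation steps.

```javascript
// Added illustration; not GitLab's implementation. Names other than the
// policy_scope keys (compliance_frameworks, projects.including/excluding)
// are hypothetical.
const MAX_VISIBLE = 2; // the column shows at most 2 items per the description

function truncate(items) {
  const visible = items.slice(0, MAX_VISIBLE);
  const hidden = items.length - visible.length;
  return { visible, counter: hidden > 0 ? `+${hidden}` : '' };
}

// namesById: Map of id -> display name (constructed lookup; a real UI would
// resolve names from the API). Unknown ids fall back to "#<id>".
function summarizeScope(policyScope, namesById = new Map()) {
  const label = ({ id }) => namesById.get(id) ?? `#${id}`;
  const scope = policyScope ?? {};
  const sources = [
    ['compliance_frameworks', scope.compliance_frameworks],
    ['excluded_projects', scope.projects?.excluding],
    ['specific_projects', scope.projects?.including],
  ];
  // One section per scope kind that is actually set; an unscoped policy
  // yields an empty array (what the UI shows then is not stated on the page).
  return sources
    .filter(([, items]) => Array.isArray(items) && items.length > 0)
    .map(([kind, items]) => ({ kind, ...truncate(items.map(label)) }));
}

// Constructed sample scopes mirroring the three YAML policies below.
const samples = {
  frameworks: { compliance_frameworks: [{ id: 1 }, { id: 2 }, { id: 3 }, { id: 4 }] },
  excluding: { projects: { excluding: [{ id: 32 }, { id: 31 }, { id: 30 }] } },
  including: { projects: { including: [{ id: 32 }, { id: 31 }, { id: 30 }] } },
};

for (const [name, scope] of Object.entries(samples)) {
  for (const { kind, visible, counter } of summarizeScope(scope)) {
    console.log(name, kind, [...visible, counter].filter(Boolean).join(', '));
  }
}
```

When checking the column during validation, compare the hidden count against the number of ids in the policy YAML: a policy that excludes more projects than the two shown is easy to misread as narrower than it is.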
MR acceptance checklist
Please evaluate this MR against the MR acceptance checklist. It helps you analyze changes to reduce risks in quality, performance, reliability, security, and maintainability.
Screenshots or screen recordings
Screenshots are required for UI changes, and strongly recommended for all other merge requests.
Description | UI |
---|---|
Group level | |
SPP Project | |
Project level | |
How to set up and validate locally
Numbered steps to set up and validate the change are strongly suggested.
Enable Feature Flag

```ruby
Feature.enable(:security_policies_policy_scope)
Feature.enable(:security_policies_policy_scope_project)
```

- Go to Settings -> General (on a root group level)
- Toggle the Permissions and group features section
- Enable Security policy scope
- Go to Group
- Secure -> Policies -> New policy -> approval policy or execution policy
- Create 3 different policies either via `rule mode` or `yaml mode`:

  ```yaml
  type: approval_policy
  name: Compliance frameworks
  description: ''
  enabled: true
  policy_scope:
    compliance_frameworks: # use existing compliance framework IDs
      - id: 1
      - id: 2
      - id: 3
      - id: 4
  rules:
    - type: scan_finding
      scanners: []
      vulnerabilities_allowed: 0
      severity_levels: []
      vulnerability_states: []
      branch_type: protected
  actions:
    - type: require_approval
      approvals_required: 1
      user_approvers_ids:
        - 1
  approval_settings:
    block_branch_modification: true
    prevent_pushing_and_force_pushing: true
  ```

  ```yaml
  type: scan_execution_policy
  name: Excluding projects
  description: ''
  enabled: true
  policy_scope:
    projects:
      excluding: # use existing project IDs from the root group
        - id: 32
        - id: 31
        - id: 30
  rules:
    - type: pipeline
      branches:
        - '*'
  actions:
    - scan: secret_detection
  ```

  ```yaml
  type: scan_execution_policy
  name: Excluding projects
  description: ''
  enabled: true
  policy_scope:
    projects:
      including: # use existing project IDs from the root group
        - id: 32
        - id: 31
        - id: 30
  rules:
    - type: pipeline
      branches:
        - '*'
  actions:
    - scan: secret_detection
  ```
- If you don't have compliance frameworks, go to Root group -> Settings -> General -> Compliance frameworks
- Link `Compliance frameworks` to projects in Secure -> Compliance center -> Projects
- After you have created the policies, go back to the policy list and check the scope column
- Go to a created security project (`group name - Security Policy Project`)
- Link this SPP project to 2-3 other groups/projects: just go to any project or group and link the SPP project as SPP
- Go back to SPP project -> Secure -> Policies
- Create the same policies from the yaml example and repeat step 6
- Go to any regular project -> Secure -> Policies (it shouldn't be linked to any project or group as SPP)
- Repeat step 6
Related to #432513 #441518 (closed)