Add deprecated warning for approval policies
What does this MR do and why?
This MR adds a deprecated warning for approval policies
This MR adds a deprecated_policy field behind the security_policies_breaking_changes feature flag to indicates if a policy is deprecated.
MR acceptance checklist
Please evaluate this MR against the MR acceptance checklist. It helps you analyze changes to reduce risks in quality, performance, reliability, security, and maintainability.
Related to #446268
Screenshots or screen recordings
How to set up and validate locally
- Enable the feature flag
echo "Feature.enable(:security_policies_breaking_changes)" | rails c- Create a new project
- Add a new member to the project with developer access
- Go to Secure > Policies
- Click on New policy
- Select Merge request approval policy
- Change to .yaml mode
- Copy the yaml below:
type: approval_policy
name: Deny MIT
enabled: true
rules:
- type: license_finding
match_on_inclusion: true
license_types:
- MIT License
license_states:
- newly_detected
branch_type: default
actions:
- type: require_approval
approvals_required: 1
role_approvers:
- developer- Click on Configure with a merge request
- Merge the new MR to add the policy
- Go to
/-/graphql-explorer - Add a query like:
{
project(fullPath: "root/test-mr-146520") {
approvalPolicies {
nodes {
name
deprecatedProperties
}
}
}
}- Verify the
deprecatedPropertiesis ["match_on_inclusion", "newly_detected"] - Go to Secure > Policies
- Update the policy with the content below to remove the deprecated fields :
type: approval_policy
name: Deny MIT
enabled: true
rules:
- type: license_finding
match_on_inclusion_license: true
license_types:
- MIT License
license_states:
- detected
branch_type: default
actions:
- type: require_approval
approvals_required: 1
role_approvers:
- developer- Repeat the steps 11 and 12
- Verify the
deprecatedPolicyis empty
Edited by Marcos Rocha