Expose policy_scope in security policy graphql API
What does this MR do and why?
This MR reinstates the revert MR !146386 (merged) due to gitlab-com/gl-infra/production#17690 (closed)
As a part of Support existing policies as we introduce polic... (#432513 - closed), we want to expose the policy_scope
in the graphql query with the compliance frameworks and the projects.
MR acceptance checklist
Please evaluate this MR against the MR acceptance checklist. It helps you analyze changes to reduce risks in quality, performance, reliability, security, and maintainability.
Screenshots or screen recordings
How to set up and validate locally
- Create a root level group and create a compliance framework
- Create Approval policy with policy scope:

  ```yaml
  type: approval_policy
  name: SRP
  description: ''
  enabled: true
  rules:
    - type: scan_finding
      scanners: []
      vulnerabilities_allowed: 0
      severity_levels: []
      vulnerability_states: []
      branch_type: protected
  actions:
    - type: require_approval
      approvals_required: 1
      group_approvers_ids:
        - <ID>
  policy_scope:
    compliance_frameworks:
      - id: <ID>
  ```
- Enable security_policies_policy_scope feature flag: Feature.enable(:security_policies_policy_scope, group) and enable the Security policy scope experimental feature by going to Settings -> General -> Permissions & Group features -> Select Security Policy Scopes checkbox
- Go to graphql-explorer and query for approvalPolicies

  ```graphql
  query {
    group(fullPath: "compliance-policies") {
      approvalPolicies {
        nodes {
          policyScope {
            complianceFrameworks {
              nodes {
                id
                name
              }
            }
            includingProjects {
              nodes {
                id
              }
            }
            excludingProjects {
              nodes {
                id
              }
            }
          }
        }
      }
    }
  }
  ```
Addresses #432513 (closed)
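
The response to the validation query above can be post-processed to see how each policy is scoped. This is an added example, not code from this merge request or from GitLab: the response is constructed, the `name` field on each policy node is assumed to be requested alongside `policyScope`, and treating an empty scope as "no restriction" is an assumption.

```python
import json

# Constructed response for the approvalPolicies query above; `name` on each
# policy node is an assumption (requested in addition to policyScope).
SAMPLE_RESPONSE = json.loads("""
{"data": {"group": {"approvalPolicies": {"nodes": [
  {"name": "SRP", "policyScope": {
     "complianceFrameworks": {"nodes": [
        {"id": "gid://gitlab/ComplianceManagement::Framework/1", "name": "SOC2"}]},
     "includingProjects": {"nodes": []},
     "excludingProjects": {"nodes": [{"id": "gid://gitlab/Project/7"}]}}},
  {"name": "Unscoped", "policyScope": {
     "complianceFrameworks": {"nodes": []},
     "includingProjects": {"nodes": []},
     "excludingProjects": {"nodes": []}}},
  {"name": "NoScopeField", "policyScope": null}
]}}}}
""")


def node_values(connection, key):
    """Collect `key` from a GraphQL connection; a null connection yields []."""
    return [node[key] for node in (connection or {}).get("nodes") or []]


def summarize_scopes(response):
    """Flatten each policy's scope into plain lists keyed by policy name."""
    summary = {}
    for policy in response["data"]["group"]["approvalPolicies"]["nodes"]:
        scope = policy.get("policyScope") or {}
        summary[policy["name"]] = {
            "frameworks": node_values(scope.get("complianceFrameworks"), "name"),
            "including": node_values(scope.get("includingProjects"), "id"),
            "excluding": node_values(scope.get("excludingProjects"), "id"),
        }
    return summary


def review_items(summary):
    """List scopes worth a second look: explicit exclusions and empty scopes."""
    items = []
    for name, scope in summary.items():
        if scope["excluding"]:
            items.append((name, "excludes", scope["excluding"]))
        if not any(scope.values()):
            items.append((name, "no scope restriction", []))
    return items


if __name__ == "__main__":
    for item in review_items(summarize_scopes(SAMPLE_RESPONSE)):
        print(item)
```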
Activity
changed milestone to %16.10
assigned to @sashi_kumar
removed frontend label
removed UI text label
removed Technical Writing label
removed automation:ux-missing-labels label
removed docs-channel label
- Resolved by Andy Schoenen
@mc_rocha Since you already have context on this, would you mind taking an initial look?
requested review from @mc_rocha
- A deleted user
added documentation label
- Resolved by Sashi Kumar Kumaresan
1 Message
📖 This merge request adds or changes documentation files. A review from the Technical Writing team before you merge is recommended. Reviews can happen after you merge.
Documentation review
The following files require a review from a technical writer:
- doc/api/graphql/reference/index.md (Link to current live version)
The review does not need to block merging this merge request. See the:
- Metadata for the *.md files that you've changed. The first few lines of each *.md file identify the stage and group most closely associated with your docs change.
- The Technical Writer assigned for that stage and group.
- Documentation workflows for information on when to assign a merge request for review.
Reviewer roulette

| Category | Reviewer | Maintainer |
| --- | --- | --- |
| backend | @joseph (UTC+0, same timezone as author) | @hraghuvanshi (UTC+5.5, 5.5 hours ahead of author) |

Please check reviewer's status!
Please refer to documentation page for guidance on how you can benefit from the Reviewer Roulette, or use the GitLab Review Workload Dashboard to find other available reviewers.
If needed, you can retry the 🔁 danger-review job that generated this comment.
Generated by 🚫 Danger
mentioned in issue #444227 (closed)
- Resolved by Andy Schoenen
added pipeline:mr-approved label
- Resolved by Andy Schoenen
👋 @mc_rocha, thanks for approving this merge request.
This is the first time the merge request has been approved. To ensure we don't only run predictive pipelines, and we don't break master, a new pipeline will be started shortly.
Please wait for the pipeline to start before resolving this discussion and set auto-merge for the new pipeline. See merging a merge request for more details.
requested review from @Andyschoenen and removed review request for @mc_rocha
E2E Test Result Summary
allure-report-publisher generated test report!
e2e-test-on-gdk: ✅ test report for 87f5ce3b

```
+------------------------------------------------------------------+
|                          suites summary                          |
+-------------+--------+--------+---------+-------+-------+--------+
|             | passed | failed | skipped | flaky | total | result |
+-------------+--------+--------+---------+-------+-------+--------+
| Govern      | 66     | 0      | 0       | 0     | 66    | ✅     |
| Create      | 8      | 0      | 3       | 0     | 11    | ✅     |
| Package     | 0      | 0      | 1       | 0     | 1     | ➖     |
| Plan        | 4      | 0      | 0       | 0     | 4     | ✅     |
| Monitor     | 4      | 0      | 0       | 0     | 4     | ✅     |
| Data Stores | 2      | 0      | 0       | 0     | 2     | ✅     |
+-------------+--------+--------+---------+-------+-------+--------+
| Total       | 84     | 0      | 4       | 0     | 88    | ✅     |
+-------------+--------+--------+---------+-------+-------+--------+
```

e2e-package-and-test: ✅ test report for 87f5ce3b

```
+------------------------------------------------------------------+
|                          suites summary                          |
+-------------+--------+--------+---------+-------+-------+--------+
|             | passed | failed | skipped | flaky | total | result |
+-------------+--------+--------+---------+-------+-------+--------+
| Govern      | 272    | 0      | 19      | 0     | 291   | ✅     |
| Create      | 153    | 0      | 20      | 0     | 173   | ✅     |
| Package     | 0      | 0      | 2       | 0     | 2     | ➖     |
| Plan        | 8      | 0      | 0       | 0     | 8     | ✅     |
| Monitor     | 8      | 0      | 0       | 0     | 8     | ✅     |
| Data Stores | 4      | 0      | 0       | 0     | 4     | ✅     |
+-------------+--------+--------+---------+-------+-------+--------+
| Total       | 445    | 0      | 41      | 0     | 486   | ✅     |
+-------------+--------+--------+---------+-------+-------+--------+
```
enabled an automatic merge when the pipeline for 745122ff succeeds
mentioned in commit ac499bf2
added workflow::canary label and removed workflow::in dev label
added workflow::production label and removed workflow::canary label
mentioned in merge request !146721 (merged)
mentioned in merge request !145182 (closed)
mentioned in merge request kubitus-project/kubitus-installer!2869 (merged)
added released::published label
added pipeline::tier-3 label