Expose policy_scope in security policy graphql API

Sashi Kumar Kumaresan requested to merge sk/432513-policy-scope into master

What does this MR do and why?

This MR reinstates the revert MR !146386 (merged) due to gitlab-com/gl-infra/production#17690 (closed)

As a part of Support existing policies as we introduce polic... (#432513 - closed), we want to expose the policy_scope in the graphql query with the compliance frameworks and the projects.

MR acceptance checklist

Please evaluate this MR against the MR acceptance checklist. It helps you analyze changes to reduce risks in quality, performance, reliability, security, and maintainability.

How to set up and validate locally

  1. Create a root level group and create a compliance framework
  2. Create Approval policy with policy scope:

      type: approval_policy
      name: SRP
      description: ''
      enabled: true
      rules:
        - type: scan_finding
          scanners: []
          vulnerabilities_allowed: 0
          severity_levels: []
          vulnerability_states: []
          branch_type: protected
      actions:
        - type: require_approval
          approvals_required: 1
          group_approvers_ids:
            - <ID>
      policy_scope:
        compliance_frameworks:
          - id: <ID>

  3. Enable security_policies_policy_scope feature flag: Feature.enable(:security_policies_policy_scope, group) and enable the Security policy scope experimental feature by going to Settings -> General -> Permissions & Group features -> Select Security Policy Scopes checkbox
  4. Go to graphql-explorer and query for approvalPolicies

      query {
        group(fullPath: "compliance-policies") {
          approvalPolicies {
            nodes {
              policyScope {
                complianceFrameworks {
                  nodes {
                    id
                    name
                  }
                }
                includingProjects {
                  nodes {
                    id
                  }
                }
                excludingProjects {
                  nodes {
                    id
                  }
                }
              }
            }
          }
        }
      }

Addresses #432513 (closed)

Edited by Sashi Kumar Kumaresan
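
One way to check the approvalPolicies response against the policy_scope declared in the policy YAML, as an added example that is not part of this MR or of GitLab's code. The framework ID 7, the name SOX and the response body are constructed samples, and the global-ID form of the returned IDs is an assumption.

```ruby
require 'json'
require 'yaml'

# Constructed sample: trimmed policy YAML with a made-up framework ID.
POLICY_YAML = <<~YAML
  type: approval_policy
  name: SRP
  enabled: true
  policy_scope:
    compliance_frameworks:
      - id: 7
YAML

# Constructed sample response, shaped like the approvalPolicies query.
RESPONSE_JSON = <<~JSON
  {"data": {"group": {"approvalPolicies": {"nodes": [
    {"policyScope": {
      "complianceFrameworks": {"nodes": [
        {"id": "gid://gitlab/ComplianceManagement::Framework/7", "name": "SOX"}]},
      "includingProjects": {"nodes": []},
      "excludingProjects": {"nodes": []}}}
  ]}}}}
JSON

# Assumption: IDs come back as global IDs ending in the numeric record ID.
def record_id(gid)
  Integer(gid.to_s.split('/').last)
end

# Framework IDs declared under policy_scope in the policy YAML.
def declared_framework_ids(policy_yaml)
  scope = YAML.safe_load(policy_yaml)['policy_scope'] || {}
  (scope['compliance_frameworks'] || []).map { |f| Integer(f['id']) }.sort
end

# One hash of numeric IDs per policy node; a null policyScope yields empty lists.
def returned_scopes(response_json)
  nodes = JSON.parse(response_json).dig('data', 'group', 'approvalPolicies', 'nodes') || []
  nodes.map do |node|
    %w[complianceFrameworks includingProjects excludingProjects].to_h do |field|
      ids = node.dig('policyScope', field, 'nodes') || []
      [field, ids.map { |n| record_id(n['id']) }.sort]
    end
  end
end

# True when some returned policy exposes exactly the declared frameworks.
def scope_exposed?(policy_yaml, response_json)
  declared = declared_framework_ids(policy_yaml)
  returned_scopes(response_json).any? { |s| s['complianceFrameworks'] == declared }
end
```

A policy whose returned scope is empty in all three lists while the YAML declares a framework is the case to look at first when validating.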