Skip to content

Fix deprecated properties method for multiple policies

Marcos Rocha requested to merge mc_rocha-fix-deprecate-properties-method-multiple-policies into master

What does this MR do and why?

Our current version of the deprecated properties method for scan result and approval policies checks all policies stored in the orchestration_policy_configuration.

If one of the policies contains a deprecated property, all policies from the orchestration_policy_configuration are considered as deprecated. More context on this thread(internal only).

This MR fixes the deprecated properties method to work with multiple policies.

MR acceptance checklist

Please evaluate this MR against the MR acceptance checklist. It helps you analyze changes to reduce risks in quality, performance, reliability, security, and maintainability.

Screenshots or screen recordings

Screenshots are required for UI changes, and strongly recommended for all other merge requests.

Before After
Screenshot_2024-04-10_at_1.11.52_PM Screenshot_2024-04-11_at_8.19.07_AM

How to set up and validate locally

  1. Enable the feature flag
echo "Feature.enable(:security_policies_breaking_changes)" | rails c
  1. Create a new project
  2. Add a new member to the project with developer access
  3. Go to Secure > Policies
  4. Click on New policy
  5. Select Merge request approval policy
  6. Change to .yaml mode
  7. Copy the yaml below:
type: approval_policy
name: 'policy with deprecated properties'
description: ''
enabled: true
actions:
  - type: require_approval
    approvals_required: 1
    role_approvers:
      - developer
rules:
  - type: license_finding
    match_on_inclusion: true
    license_types:
      - BitTorrent Open Source License v1.0
      - BitTorrent Open Source License v1.1
      - Mozilla Public License 1.0
      - Mozilla Public License 1.1
      - Mozilla Public License 2.0
    license_states:
      - newly_detected
      - detected
    branch_type: protected
  1. Click on Configure with a merge request
  2. Merge the new MR to add the policy
  3. Go to Secure > Policies again
  4. Click on New policy
  5. Select Merge request approval policy
  6. Change to .yaml mode
  7. Copy the yaml below:
type: approval_policy
name: 'policy without deprecated properties'
description: ''
enabled: true
actions:
  - type: require_approval
    approvals_required: 1
    role_approvers:
      - developer
rules:
  - type: scan_finding
    scanners:
      - sast
    vulnerabilities_allowed: 0
    severity_levels:
      - critical
      - high
    vulnerability_states:
      - new_needs_triage
    branch_type: protected
approval_settings:
  block_branch_modification: false
  prevent_pushing_and_force_pushing: false
  1. Click on Configure with a merge request
  2. Merge the new MR to add the policy
  3. Go to Secure > Policies again and verify that only policy with deprecated properties is marked as deprecated

Screenshot_2024-04-11_at_8.54.10_AM

Edited by Marcos Rocha

Merge request reports