Skip to content

Add support for groups in policy scope

What does this MR do and why?

This MR adds the ability to scope policies to groups by extending the policy_scope option in policies.

MR acceptance checklist

Please evaluate this MR against the MR acceptance checklist. It helps you analyze changes to reduce risks in quality, performance, reliability, security, and maintainability.

How to set up and validate locally

  1. Create a new Group (group-a)
  2. Create 3 new Subgroups (group-a/sugbroup-1, group-a/sugbroup-2, group-a/sugbroup-2/subgroup-2a)
  3. Copy the ID of the group-a/subgroup-2 group
  4. For the root group (group-a), go to Secure -> Policies and create a new policy (ie. Scan Execution Policy):
name: SEP scoped to subgroup
description: ''
enabled: true
- scan: container_scanning
    CS_IMAGE: alpine:3.12.0
- type: pipeline
  branch_type: all
    - id: 228 # ID of the `group-a/subgroup-2` group
  1. Create 2 projects (group-a/subgroup-1/project-1 and group-a/subgroup-2/subgroup-2a/project-1), add .gitlab-ci.yml file:
    - echo "Test Job!"
  1. For each project see the pipeline that was created. In group-a/subgroup-1/project-1, you should not see the container-scanning-0 job, while in group-a/subgroup-2/subgroup-2a/project-1, you will see this job.

Related to #468384

Edited by Alan (Maciej) Paruszewski

Merge request reports