Skip to content

Warning for scheduled scan execution policy for large groups

Artur Fedorov requested to merge 468352-policies-scheduled-policy-warning into master

What does this MR do and why?

  1. Scan execution policy on a group level can have potential performance issues
  2. If group has 1000+ projects (including subgroups) and scheduled rule is selected, user should see the warning
  3. Warning can be dismissed and policy can be saved, or user can dismiss warning and continue editing

MR acceptance checklist

Please evaluate this MR against the MR acceptance checklist. It helps you analyze changes to reduce risks in quality, performance, reliability, security, and maintainability.

Screenshots or screen recordings

Screenshots are required for UI changes, and strongly recommended for all other merge requests.

New policy Existing policy
schedule.mov existing policy.mov

How to set up and validate locally

Numbered steps to set up and validate the change are strongly suggested.

  1. Navigate to the Policy Editor for Scan Execution Policy for groups with many projects. (Secure -> Policies -> New policy -> Scan execution)
  2. Or you can mock it in ee/security_orchestration/components/policy_editor/scan_execution/constants.js PROJECTS_COUNT_PERFORMANCE_LIMIT
  3. Try to create a scheduled scan and try to save the policy.
  4. Verify that a warning message indicates the potential performance impact.
  5. Verify that the user can bypass the warning and save the policy.
  6. Now go to the Project policy editor and group with a low number of projects.
  7. Try to create a scheduled scan and try to save the policy.
  8. Verify that a warning message is not displayed.

Related to #468352 (closed)

Merge request reports